Apache Tomcat Race Condition To RCE - CVE-2024-50379
Hi there, hope your holiday is going well! In this quick video we take a look at a recent CVE, CVE-2024-50379. It is a vulnerability in Apache Tomcat, specifically a TOCTOU race condition which can lead to RCE. It's actually a pretty dangerous vulnerability, given that it allows non-authenticated users to execute arbitrary code.

To be exploitable, you need to run a vulnerable version of Apache Tomcat on an operating system, such as Windows, that has a case-insensitive file system. Finally, you need to enable the readonly=false configuration in the web.xml, allowing users to upload files in the root directory of the server.

In the video we discuss the vulnerability and I showcase a PoC that can be used to exploit it. Thank you for watching, and let me know what you think of these videos where I analyze recently discovered CVEs.

Material: https://github.com/LeonardoE95/yt-en/...
NIST advisory: https://nvd.nist.gov/vuln/detail/CVE-...
PoC: https://github.com/iSee857/CVE-2024-5...
Blogpost: https://vulcan.io/blog/how-to-fix-cve...