{"vulnerability": "CVE-2024-5037", "sightings": [{"uuid": "7505b1b2-bd0e-4464-83a1-b3d3954a3a59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50378", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113447849756495688", "content": "", "creation_timestamp": "2024-11-08T14:40:10.610615Z"}, {"uuid": "dca9cf2f-313f-4ba6-98e9-180026680ede", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113685883850360893", "content": "", "creation_timestamp": "2024-12-20T15:35:21.591878Z"}, {"uuid": "e15068c7-eac6-40a9-a0aa-64b109229e5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3ldp7etjohw2w", "content": "", "creation_timestamp": "2024-12-20T01:12:03.467054Z"}, {"uuid": "1d315889-c671-43b2-b502-7d6df7d2b1f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ldqsi62and25", "content": "", "creation_timestamp": "2024-12-20T16:26:35.753102Z"}, {"uuid": "2c9806aa-b408-441f-a549-5d8e1c4bfb9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113668199636879118", "content": "", "creation_timestamp": "2024-12-17T12:38:01.836867Z"}, {"uuid": "50aca213-f5b4-48b3-8c03-0c4277ce6974", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113680586153598714", "content": "", "creation_timestamp": "2024-12-19T17:08:05.227273Z"}, {"uuid": "0be4c6ab-bf6f-47cf-ba69-62bc912d109d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://thehackernews.com/2024/12/apache-tomcat-vulnerability-cve-2024.html", "content": "", "creation_timestamp": "2024-12-24T05:06:00.000000Z"}, {"uuid": "1f9b421d-2539-4e41-9b75-1634f700a366", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://infosec.exchange/users/edwardk/statuses/113708106021039311", "content": "", "creation_timestamp": "2024-12-24T13:46:44.846263Z"}, {"uuid": "1866d71a-e919-4faa-81db-d72560eb41a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://bsky.app/profile/xc0py.bsky.social/post/3le2skx52sc2x", "content": "", "creation_timestamp": "2024-12-24T15:54:47.874479Z"}, {"uuid": "286d9f48-df82-44c7-a4d2-da71a73fe8dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://infosec.exchange/users/obivan/statuses/113803734953935843", "content": "", "creation_timestamp": "2025-01-10T11:06:26.650824Z"}, {"uuid": "8489752c-7b72-495b-85e3-25aaf8a52865", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://bsky.app/profile/areyou1or0.bsky.social/post/3leanozdtms2k", "content": "", "creation_timestamp": "2024-12-26T23:43:34.315596Z"}, {"uuid": "3170c060-a4cf-4861-bdbd-a9b481e85e19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://bsky.app/profile/opsmatters.bsky.social/post/3lfoba6mzmw2k", "content": "", "creation_timestamp": "2025-01-14T03:02:58.821528Z"}, {"uuid": "fffb7625-0a81-4ce8-beff-0f0318ee3473", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lfyuf3prwd25", "content": "", "creation_timestamp": "2025-01-18T08:12:22.684863Z"}, {"uuid": "0fba92b2-93e3-4490-b321-c3ed3b19ee74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://bsky.app/profile/decrypt.lol/post/3lg4euebvis2i", "content": "", "creation_timestamp": "2025-01-19T17:45:13.818500Z"}, {"uuid": "848e99a8-6264-40d3-a7e5-0b5e4d891148", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://bsky.app/profile/securitycipher.bsky.social/post/3lq63lxwbu52n", "content": "", "creation_timestamp": "2025-05-27T16:16:43.466544Z"}, {"uuid": "8918857d-78d1-4659-806f-3a903f75c0a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3ljym4xw6lc2b", "content": "", "creation_timestamp": "2025-03-10T03:25:27.300189Z"}, {"uuid": "5c0c1fff-f8ee-4239-8424-7bc0aca5c5eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114779416038120432", "content": "", "creation_timestamp": "2025-07-01T18:34:58.800443Z"}, {"uuid": "e0dde01c-d101-49f3-9f4c-b3c4401f4ce3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0395/", "content": "", "creation_timestamp": "2026-04-02T17:00:00.000000Z"}, {"uuid": "bf0ee9b4-9475-4571-96a4-1f9be8b57ad5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://bsky.app/profile/ytroncal.bsky.social/post/3lswu4akkvs2p", "content": "", "creation_timestamp": "2025-07-01T23:29:38.153226Z"}, {"uuid": "513bd60b-36f5-449b-9beb-c93529876b4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1447", "content": "", "creation_timestamp": "2024-12-18T04:00:00.000000Z"}, {"uuid": "32236de8-7bec-408e-9e65-17379f4b1a76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "Telegram/G1YIpqTouZZ7RGRq-g0EK5R-A4RVmquYDNGd4eb7udpn90Y", "content": "", "creation_timestamp": "2025-06-14T15:00:07.000000Z"}, {"uuid": "133ff4b6-4528-4dbf-84de-4b8ac0d63faf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9520", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aApache Tomcat\uff08CVE-2024-50379\uff09\u6761\u4ef6\u7ade\u4e89\u81f4\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u6279\u91cf\u68c0\u6d4b\u811a\u672c\nURL\uff1ahttps://github.com/iSee857/CVE-2024-50379-PoC\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-12-20T05:27:35.000000Z"}, {"uuid": "8174cfd9-1bb7-48d8-9476-8f1f4685fbbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://t.me/hackingbra/215", "content": "tomcat CVE-2024-50379/CVE-2024-56337\n*\n\u041f\u0440\u043e\u043a\u0430\u0447\u0430\u043d\u043d\u0430\u044f \u0432\u0435\u0440\u0441\u0438\u044f", "creation_timestamp": "2024-12-26T02:57:28.000000Z"}, {"uuid": "f4792670-d12c-4c6c-899f-0c0ea77e9701", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9567", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1atomcat CVE-2024-50379 \u6761\u4ef6\u7ade\u4e89\u6587\u4ef6\u4e0a\u4f20exp\nURL\uff1ahttps://github.com/SleepingBag945/CVE-2024-50379\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-12-23T07:26:21.000000Z"}, {"uuid": "591bad1d-bdbd-4718-9542-a8bced5478e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9595", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-50379-exp\nURL\uff1ahttps://github.com/lizhianyuguangming/CVE-2024-50379-exp\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-12-25T02:46:52.000000Z"}, {"uuid": "b04a9415-decf-4c10-a2e0-5b14a3910ef2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9572", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-50379\u5229\u7528\nURL\uff1ahttps://github.com/dear-cell/CVE-2024-50379\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-12-23T14:14:32.000000Z"}, {"uuid": "33cdcc73-1d1b-4809-a698-77d610096a9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9519", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aRepositorio para alojar un template de Nuclei para probar el CVE-2024-50379 (en fase de prueba)\nURL\uff1ahttps://github.com/JFOZ1010/Nuclei-Template-CVE-2024-50379\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-12-20T03:44:57.000000Z"}, {"uuid": "85f07171-ef6e-4a66-8b17-61e9024bc51d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "https://t.me/itsec_news/5047", "content": "\u200b\u26a1\ufe0fCVE-2024-56337: \u043d\u043e\u0432\u0430\u044f \u0443\u0433\u0440\u043e\u0437\u0430, \u0441\u043f\u043e\u0441\u043e\u0431\u043d\u0430\u044f \u043e\u0431\u043e\u0439\u0442\u0438 \u0437\u0430\u0449\u0438\u0442\u0443 Tomcat\n\n\ud83d\udcac\u0424\u043e\u043d\u0434 Apache Software Foundation (ASF) \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0432\u0430\u0436\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0441\u0435\u0440\u0432\u0435\u0440\u043d\u043e\u043c \u041f\u041e Tomcat, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0433\u043b\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 (RCE) \u043f\u0440\u0438 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0451\u043d\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0430\u044f \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 CVE-2024-56337, \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0447\u0430\u0441\u0442\u0438\u0447\u043d\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0435\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b CVE-2024-50379 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 9.8), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0431\u044b\u043b\u0430 \u0437\u0430\u043a\u0440\u044b\u0442\u0430 17 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2024 \u0433\u043e\u0434\u0430.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u043c\u0443 \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u044e, \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0435 \u0441 Tomcat \u043d\u0430 \u0444\u0430\u0439\u043b\u043e\u0432\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 \u0441 \u043d\u0435\u0447\u0443\u0432\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c\u044e \u043a \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0443 \u0438 \u0432\u043a\u043b\u044e\u0447\u0451\u043d\u043d\u044b\u043c \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u043c \u0437\u0430\u043f\u0438\u0441\u0438 \u0434\u043b\u044f \u0441\u0435\u0440\u0432\u043b\u0435\u0442\u0430 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e (\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 readonly \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043e \u0432 false), \u0434\u043e\u043b\u0436\u043d\u044b \u0432\u043d\u0435\u0441\u0442\u0438 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044e \u0434\u043b\u044f \u043f\u043e\u043b\u043d\u043e\u0433\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0432 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 Java.\n\n\u041e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435\u043c \u0433\u043e\u043d\u043a\u0438 \u0442\u0438\u043f\u0430 (Race Condition) Time-of-check Time-of-use (TOCTOU). \u041e\u043d\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043a\u043e\u0434 \u043d\u0430 \u0444\u0430\u0439\u043b\u043e\u0432\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445, \u043d\u0435\u0447\u0443\u0432\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u043a \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0443, \u043a\u043e\u0433\u0434\u0430 \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u043d \u0441\u0435\u0440\u0432\u043b\u0435\u0442 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0441 \u0444\u0443\u043d\u043a\u0446\u0438\u0435\u0439 \u0437\u0430\u043f\u0438\u0441\u0438.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043f\u0440\u043e\u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043f\u0440\u0438 \u043e\u0434\u043d\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u043c \u0447\u0442\u0435\u043d\u0438\u0438 \u0438 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0435 \u043e\u0434\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 \u043f\u043e\u0434 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u043e\u0439, \u0447\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0447\u0443\u0432\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u043a \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0443 \u0438 \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442\u044c \u043a \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0437\u0430\u0433\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 \u043a\u0430\u043a JSP, \u0447\u0442\u043e \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-56337 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 Apache Tomcat:\n\nApache Tomcat 11.0.0-M1 \u0434\u043e 11.0.1 (\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0432 11.0.2 \u0438 \u0432\u044b\u0448\u0435);\nApache Tomcat 10.1.0-M1 \u0434\u043e 10.1.33 (\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0432 10.1.34 \u0438 \u0432\u044b\u0448\u0435);\nApache Tomcat 9.0.0.M1 \u0434\u043e 9.0.97 (\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0432 9.0.98 \u0438 \u0432\u044b\u0448\u0435).\n\u0414\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0442\u0430\u043a\u0436\u0435 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0432\u043d\u0435\u0441\u0442\u0438 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0432 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u0432 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 Java:\n\n\u0414\u043b\u044f Java 8 \u0438 Java 11: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u043e\u0435 \u0441\u0432\u043e\u0439\u0441\u0442\u0432\u043e sun.io.useCanonCaches \u0432 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 false (\u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u2014 true).\n\u0414\u043b\u044f Java 17: \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c, \u0447\u0442\u043e \u0441\u0432\u043e\u0439\u0441\u0442\u0432\u043e sun.io.useCanonCaches \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u043e (\u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u043e\u043d\u043e \u0443\u0436\u0435 \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u043e).\n\u0414\u043b\u044f Java 21 \u0438 \u043d\u043e\u0432\u0435\u0435: \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439 \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f, \u0442\u0430\u043a \u043a\u0430\u043a \u0434\u0430\u043d\u043d\u043e\u0435 \u0441\u0432\u043e\u0439\u0441\u0442\u0432\u043e \u0443\u0436\u0435 \u0431\u044b\u043b\u043e \u0443\u0434\u0430\u043b\u0435\u043d\u043e.\nASF \u043f\u043e\u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u0438\u043b\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 Nacl, WHOAMI, Yemoli \u0438 Ruozhi \u0437\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u0435 \u0438 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0435 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445, \u0430 \u0442\u0430\u043a\u0436\u0435 KnownSec 404 Team \u0437\u0430 \u043d\u0435\u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435 CVE-2024-56337 \u0438 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u0435 PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-12-24T06:43:49.000000Z"}, {"uuid": "433d2e86-e7ef-42a2-ade8-dd03442b9467", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9605", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aTesting the latset Apache Tomcat CVE-2024-50379 Vuln\nURL\uff1ahttps://github.com/bigb0x/CVE-2024-50379\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-12-25T21:51:35.000000Z"}, {"uuid": "f4f520d2-f6b7-482d-a546-43a6c1683e6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9539", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aRCE through a race condition in Apache Tomcat\nURL\uff1ahttps://github.com/ph0ebus/Tomcat-CVE-2024-50379-Poc\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-12-21T05:58:03.000000Z"}, {"uuid": "66ade846-9db4-4cb5-989c-0820780cc280", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8170", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-50379\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.\n\ud83d\udccf Published: 2024-12-17T12:34:54.827Z\n\ud83d\udccf Modified: 2025-03-20T03:55:50.524Z\n\ud83d\udd17 References:\n1. https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r", "creation_timestamp": "2025-03-20T04:18:31.000000Z"}, {"uuid": "ac5f7664-5b26-4d48-a371-0cba470a59d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "https://t.me/CyberBulletin/1832", "content": "\u26a1\ufe0fDeep Dive & POC of CVE-2024-50379 Exploit Tomcat Vulnerability (9.8 Severity).\n\n#CyberBulletin", "creation_timestamp": "2024-12-27T01:03:13.000000Z"}, {"uuid": "720d3a42-6704-4294-b521-12e4ffa5ac71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50378", "type": "seen", "source": "https://t.me/cvedetector/10199", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50378 - Airflow Unencrypted Audit Log Data Exposure\", \n  \"Content\": \"CVE ID : CVE-2024-50378 \nPublished : Nov. 8, 2024, 3:15 p.m. | 39\u00a0minutes ago \nDescription : Airflow versions before 2.10.3 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see.\u00a0When sensitive variables were set via airflow CLI, values of those variables appeared in the audit log and were stored unencrypted in the Airflow database. While this risk is limited to users with audit log access, it is recommended to upgrade to Airflow 2.10.3 or a later version, which addresses this issue. Users who previously used the CLI to set secret variables should manually delete entries with those variables from the log table. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-08T17:12:24.000000Z"}, {"uuid": "b242f222-5191-49ab-b23c-48bf17869e2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://t.me/CyberBulletin/1776", "content": "\u26a1\ufe0fRCE and DoS Vulnerabilities Addressed in Apache Tomcat: CVE-2024-50379 and CVE-2024-54677.\n\n#CyberBulletin", "creation_timestamp": "2024-12-18T12:14:46.000000Z"}, {"uuid": "9065f9ab-bf4c-45f7-ad49-d4f169ff3539", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://t.me/kasperskyb2b/1574", "content": "\u2b50\ufe0f \u041f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u0432 \u044d\u0442\u043e\u043c \u0433\u043e\u0434\u0443 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f APT \u0438 \u043d\u043e\u0432\u043e\u0441\u0442\u0438 \u0418\u0411\n\n\ud83d\ude11 \u0423\u0433\u0440\u043e\u0437\u044b \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u043c \u0410\u0421\u0423 \u0432 3 \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0435 2024 \u0433\u043e\u0434\u0430: \u043e\u0431\u0437\u043e\u0440 \u0438 \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0430. \u0422\u043e\u043f \u0441\u0438\u0441\u0442\u0435\u043c, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0431\u044b\u043b\u0438 \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043e\u0431\u044a\u0435\u043a\u0442\u044b, \u0432\u043e\u0437\u0433\u043b\u0430\u0432\u0438\u043b\u0438 \u0431\u0438\u043e\u043c\u0435\u0442\u0440\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b. \n\n\ud83d\uddff \u0420\u0430\u0437\u0431\u043e\u0440 \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0439 \u0433\u0440\u0443\u043f\u043f\u044b Masque, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0439 \u0432 2024 \u0433\u043e\u0434\u0443 \u0438 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u0439 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0435 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u043e\u0439 \u0432\u044b\u0433\u043e\u0434\u044b.  \u0417\u0430\u0445\u043e\u0434\u044f\u0442 \u0447\u0435\u0440\u0435\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0443\u0442\u0451\u043a\u0448\u0438\u0435 \u0431\u0438\u043b\u0434\u0435\u0440\u044b Lockbit \u0438 Babuk.\n\n\ud83d\ude80 \u0412 \u0444\u0430\u0439\u0440\u0432\u043e\u043b\u0430\u0445 Palo Alto, \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0447\u0435\u0440\u0435\u0437 CVE-2024-9474, \u0432\u044b\u043b\u043e\u0432\u0438\u043b\u0438 \u043d\u043e\u0432\u044b\u0439 \u0431\u044d\u043a\u0434\u043e\u0440 Littlelamb.Wooltea. \u041e\u0447\u0435\u043d\u044c \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u044b\u0439 \u043e\u0442\u0447\u0451\u0442 \u043e \u043d\u0451\u043c \u0445\u043e\u0440\u043e\u0448\u043e \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u0443\u0435\u0442, \u043a\u0430\u043a \u043e\u043f\u044b\u0442\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0443\u043d\u0438\u043a\u0430\u043b\u044c\u043d\u044b\u0435 \u043f\u0440\u0435\u0438\u043c\u0443\u0449\u0435\u0441\u0442\u0432\u0430 \u043f\u043e\u0433\u0440\u0430\u043d\u0438\u0447\u043d\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432.\n\n\ud83d\udfe3\u0421\u043f\u0438\u0441\u043e\u043a \u0438\u0437 2,5 \u0442\u044b\u0441\u044f\u0447 IP-\u0430\u0434\u0440\u0435\u0441\u043e\u0432 Astrill VPN, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043f\u043e \u0441\u043b\u043e\u0432\u0430\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043e\u0447\u0435\u043d\u044c \u043b\u044e\u0431\u044f\u0442 \u0441\u0435\u0432\u0435\u0440\u043e\u043a\u043e\u0440\u0435\u0439\u0441\u043a\u0438\u0435 APT.\n\n\u2764\ufe0f\u041e\u0431\u0437\u043e\u0440 \u0444\u0438\u0448\u0438\u043d\u0433-\u043a\u0438\u0442\u0430 WikiKit, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0435\u0433\u043e \u0441\u0432\u043e\u0451 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u0437\u0430 \u0442\u043e, \u0447\u0442\u043e \u043e\u043d \u043f\u0435\u0440\u0435\u0430\u0434\u0440\u0435\u0441\u0443\u0435\u0442 \u043d\u0435\u043f\u043e\u0434\u0445\u043e\u0434\u044f\u0449\u0438\u0445 \u0436\u0435\u0440\u0442\u0432 \u043d\u0430 \u0412\u0438\u043a\u0438\u043f\u0435\u0434\u0438\u044e.\n\n\ud83d\ude35\u200d\ud83d\udcab \u041f\u044f\u0442\u044c \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u0439 Chrome, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u0435 \u043e\u0442 \u0418\u0411-\u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Cyberhaven, \u0431\u044b\u043b\u0438 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0438 \u043f\u043e\u043f\u0430\u043b\u0438 \u0432 \u043c\u0430\u0433\u0430\u0437\u0438\u043d Chrome. \u0415\u0449\u0451 \u043e\u0434\u0438\u043d \u043f\u043e\u0432\u043e\u0434 \u043f\u043e\u0434\u0447\u0438\u043d\u0438\u0442\u044c \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0443 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u0439 \u0432 \u0425\u0440\u043e\u043c \u0441\u0442\u0440\u043e\u0433\u0438\u043c \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u043c \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0430\u043c.\n\n\ud83d\udfe2\u041d\u043e\u0432\u044b\u0439 \u0434\u0435\u043d\u044c \u2014 \u043d\u043e\u0432\u043e\u0435 \u0412\u041f\u041e \u0432 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f\u0445 open source. \u0422\u0435\u043f\u0435\u0440\u044c \u0447\u0435\u0440\u0435\u0437 PyPi \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0442 \u0441\u0442\u0438\u043b\u0435\u0440\u044b Cometlogger \u0438 Zebo.\n\n\ud83d\udfe3\u0410 Lockbit \u0441\u043e\u0431\u0440\u0430\u043b\u0438\u0441\u044c \u043e\u0442\u043f\u0440\u0430\u0437\u0434\u043d\u043e\u0432\u0430\u0442\u044c \u0433\u043e\u0434\u043e\u0432\u0449\u0438\u043d\u0443 \u0440\u0430\u0437\u0433\u043e\u043d\u0430 \u0433\u0440\u0443\u043f\u043f\u044b \u043f\u0440\u0430\u0432\u043e\u043e\u0445\u0440\u0430\u043d\u0438\u0442\u0435\u043b\u044f\u043c\u0438 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c Lockbit 4.0.\n\n\ud83d\ude35 \u0426\u0435\u043b\u0430\u044f \u043f\u0430\u0447\u043a\u0430 \u0441\u0440\u043e\u0447\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u0418\u0422-\u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 \u043e\u043c\u0440\u0430\u0447\u0438\u043b\u0438 \u0430\u0434\u043c\u0438\u043d\u0430\u043c \u043f\u0440\u0430\u0437\u0434\u043d\u0438\u0447\u043d\u044b\u0439 \u0441\u0435\u0437\u043e\u043d. \u041e\u0442\u043c\u0435\u0442\u0438\u043c CVE-2024-52046 \u0432 Apache MINA (CVSS 10), CVE-2024-45387 \u0432 Apache Traffic Ops (CVSS 9.9) \u0438 \u043c\u0435\u043d\u0435\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u0443\u044e CVE-2024-43441 \u0432 OpenGraph. \u0410 \u0434\u043b\u044f \u0442\u0435\u0445, \u043a\u0442\u043e \u0435\u0434\u0432\u0430 \u0432\u044b\u0434\u043e\u0445\u043d\u0443\u043b, \u0437\u0430\u043b\u0430\u0442\u0430\u0432 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e CVE-2024-50379 \u0432 Apache Tomcat, \u0442\u043e\u0436\u0435 \u0435\u0441\u0442\u044c \u043d\u0435\u043f\u0440\u0438\u044f\u0442\u043d\u044b\u0435 \u043d\u043e\u0432\u043e\u0441\u0442\u0438 \u2014 \u0444\u0438\u043a\u0441 \u0431\u044b\u043b \u043d\u0435\u043f\u043e\u043b\u043d\u044b\u043c, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0432\u0441\u0442\u0440\u0435\u0447\u0430\u0439\u0442\u0435 CVE-2024-56337 \u0438 \u043d\u0430\u0447\u0438\u043d\u0430\u0439\u0442\u0435 \u0441\u043d\u0430\u0447\u0430\u043b\u0430. \u0414\u0430, \u0438 CVE-2024-53677 \u0432 Struts \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u0442\u044c \u043d\u0435 \u0437\u0430\u0431\u0443\u0434\u044c\u0442\u0435.\n\u0421\u043d\u043e\u0432\u0430 \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0438\u0441\u044c \u0438 Palo Alto \u0441 DoS \u0432 PAN-OS (CVE-2024-3393, CVSS 8.7).\n\n\ud83d\udc4b \u0418\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e\u0435 \u0447\u0442\u0438\u0432\u043e \u043d\u0430 \u0432\u044b\u0445\u043e\u0434\u043d\u044b\u0435: \u043a\u0430\u043a \u043b\u044e\u0431\u0438\u043c\u0430\u044f \u0441\u0442\u0430\u0440\u0442\u0430\u043f\u0430\u043c\u0438 \u0438 \u0434\u0440\u0443\u0433\u0438\u043c\u0438 \u043d\u0435\u0431\u043e\u043b\u044c\u0448\u0438\u043c\u0438 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f\u043c\u0438 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043e\u0444\u0438\u0441\u043e\u0432 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043b\u0435\u0433\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0444\u0430\u0441\u0430\u0434\u0430 \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439.\n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 #APT #\u0434\u0430\u0439\u0434\u0436\u0435\u0441\u0442 @\u041f2\u0422", "creation_timestamp": "2024-12-28T08:57:19.000000Z"}, {"uuid": "730e3b73-dd8c-4cba-a221-cd778adf2826", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://t.me/cvedetector/13091", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50379 - Apache Tomcat TOCTOU Race Condition RCE on Case Insensitive File Systems\", \n  \"Content\": \"CVE ID : CVE-2024-50379 \nPublished : Dec. 17, 2024, 1:15 p.m. | 37\u00a0minutes ago \nDescription : Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).  \n  \nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.  \n  \nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.08, which fixes the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-17T15:06:15.000000Z"}, {"uuid": "567123f7-1272-4ffa-9799-3d58e26dc5cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://t.me/cvedetector/13444", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-56337 - Apache Tomcat CaseInsensitive TOCTOU Race Condition Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-56337 \nPublished : Dec. 20, 2024, 4:15 p.m. | 42\u00a0minutes ago \nDescription : Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat.  \n  \nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.  \n  \nThe mitigation for CVE-2024-50379 was incomplete.  \n  \nUsers running Tomcat on a case insensitive file system with the default servlet write enabled (readonly initialisation   \nparameter set to the non-default value of false) may need additional configuration to fully mitigate CVE-2024-50379 depending on which version of Java they are using with Tomcat:  \n- running on Java 8 or Java 11: the system property\u00a0sun.io.useCanonCaches must be explicitly set to false (it defaults to true)  \n- running on Java 17: the\u00a0system property sun.io.useCanonCaches, if set, must be set to false\u00a0(it defaults to false)  \n- running on Java 21 onwards: no further configuration is required\u00a0(the system property and the problematic cache have been removed)  \n  \nTomcat 11.0.3, 10.1.35 and 9.0.99 onwards will include checks that\u00a0sun.io.useCanonCaches is set appropriately before allowing the default servlet to be write enabled on a case insensitive file system. Tomcat will also set\u00a0sun.io.useCanonCaches to false by default where it can. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-20T18:25:23.000000Z"}, {"uuid": "e6b20fa5-55ae-4dc1-b824-01024c4d6d2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "https://t.me/ZeroEthical_Course/2404", "content": "\ud83d\ude08CVE-2024-50379 Apache Tomcat\n*\nExiste un problema con una condici\u00f3n de carrera de verificaci\u00f3n de tiempo de uso ( TOCTOU ) que puede conducir a la ejecuci\u00f3n remota de c\u00f3digo ( RCE ), especialmente en sistemas de archivos que no distinguen entre may\u00fasculas y min\u00fasculas, como Windows .\n\nExplotaci\u00f3n y POC", "creation_timestamp": "2024-12-26T02:02:14.000000Z"}, {"uuid": "59846575-35f8-4d40-aa01-4e966a8330b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "https://t.me/ZeroEthical_Course/2391", "content": "#exploit\n1. CVE-2024-50379:\nApache Tomcat RCE\nhttps://github.com/ph0ebus/Tomcat-CVE-2024-50379-Poc\n\n2. CVE-2024-48990:\nQualys needrestart <3.8 - Uncontrolled Search Path Element\nhttps://github.com/makuga01/CVE-2024-48990-PoC", "creation_timestamp": "2024-12-25T20:08:04.000000Z"}, {"uuid": "0bcad018-7637-4376-ae6f-338d8fe9e58d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "Telegram/Y_xPY5an29zAjBEjsanjtpLbpBVw7mFfDR_wSaO-iTXPUi8", "content": "", "creation_timestamp": "2025-03-11T00:00:12.000000Z"}, {"uuid": "f4e1e9d6-9695-41ff-8112-631d8dfb49d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "Telegram/eVIPFGRhkq3YCk2O8BWYITIBkjx0dvNLYbcNpq7wmBtPfw", "content": "", "creation_timestamp": "2024-12-24T11:23:07.000000Z"}, {"uuid": "49ff5ce7-a361-43d5-b3b8-b8f7940d8e1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/1392", "content": "#Github #Tools\n\nTool for reverse engineering macOS/OS X.\n\nhttps://github.com/steven-michaud/HookCase\n\nCVE-2024-50379: RCE through a race condition in Apache Tomcat\n\nPoC\nhttps://github.com/ph0ebus/Tomcat-CVE-2024-50379-Poc?tab=readme-ov-file\n\nawesome-linux-attack-forensics-purplelabs : Hands-on research around advanced Linux attacks, detection and forensics techniques and tools \n\nhttps://github.com/cr0nx/awesome-linux-attack-forensics-purplelabs\n\nA tool for automating cracking methodologies through Hashcat from the TrustedSec team.\n\nhttps://github.com/trustedsec/hate_crack\n\nCrystalDump : Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!) : \n\nhttps://github.com/ricardojoserf/NativeDump/tree/crystal-flavour  \n\n#HackersForum", "creation_timestamp": "2024-12-30T05:01:48.000000Z"}, {"uuid": "8aee7265-c14e-4cbc-8a56-a4b3ee40d74c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://t.me/CyberDilara/1370", "content": "#Github #Tools\n\n[WACV 2025] Official implementation of \"Face Anonymization Made Simple\"\n\nhttps://github.com/hanweikung/face_anon_simple\n\nTomcat CVE-2024-50379/CVE-2024-56337 \u6761\u4ef6\u7ade\u4e89\u6587\u4ef6\u4e0a\u4f20exp\n\nhttps://github.com/SleepingBag945/CVE-2024-50379\n\nHackthebox Theme For Terminal - A collection of config files for linux focusing on hackthebox theme based on the labsand academy platform.\n\nhttps://github.com/botnetbuddies/hackthebox-themes\n\nA BloodHound collector for Microsoft Configuration Manager\n\nhttps://github.com/CrowdStrike/sccmhound\n\nThis page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.\n\nhttps://github.com/cr0nx/awesome-linux-attack-forensics-purplelabs\n\nCVE-2024-50379 Exploitation and POC\n\nhttps://github.com/v3153/CVE-2024-50379-POC\n\n#HackersForum", "creation_timestamp": "2024-12-27T03:14:43.000000Z"}, {"uuid": "26f8f7fd-b291-4d08-a0d3-84d736209902", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "Telegram/QaDCHeyCTQEDx9YMMCpkZWSmm-dNNJ2lC0YJEGLd_C3RP10", "content": "", "creation_timestamp": "2025-03-31T21:00:07.000000Z"}, {"uuid": "974c1658-57cd-49ca-a8de-4bb1371bf4de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "Telegram/cacBQ5bN-vmwnt3DR7dLi1PlBkYQLfgr4qnQira8PDCN7qo", "content": "", "creation_timestamp": "2025-01-23T20:00:07.000000Z"}, {"uuid": "bf78cd2e-6c3b-4cd7-922f-59ea5ed3ece7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "Telegram/LP1aIPk-AqT4UlTzgS4QSA_6Iy4XQeN8b-9YQBsDnSHrbTw", "content": "", "creation_timestamp": "2025-01-23T16:00:09.000000Z"}, {"uuid": "6ab7c22b-1d1c-4715-a412-d66b4ae51ac5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "Telegram/kVJLfrzqzFDzMEQqpoUmUp6GwO_SK6INlXOcFg_lbdv1buw", "content": "", "creation_timestamp": "2025-03-04T04:00:14.000000Z"}, {"uuid": "acb4b756-26a5-445b-9d48-6986d87da163", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "Telegram/QJNKafZ39RPUBf0W2FOX1OlC1JbKcylQtoMgEZm-Z-wGay4", "content": "", "creation_timestamp": "2025-03-04T04:00:07.000000Z"}, {"uuid": "aa6ade9e-0e01-4695-ad80-56676759813c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "Telegram/82a2CCv2PPefBAywwzeR-yS_ueYglGvjGZeFL5Nia0p4qd8", "content": "", "creation_timestamp": "2025-03-22T08:00:11.000000Z"}, {"uuid": "9f63fedd-ad46-442e-ad1e-ee1ef3392ee4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "Telegram/Oxq5SO8-21GQipP6NIDCbdDkAA225btYdW6eEU8zypkEJg0", "content": "", "creation_timestamp": "2025-03-15T22:00:06.000000Z"}, {"uuid": "3d8f7cb7-47f0-4935-90f5-348e33807614", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "https://t.me/cybersecs/3497", "content": "https://github.com/SleepingBag945/CVE-2024-50379", "creation_timestamp": "2024-12-25T16:19:23.000000Z"}, {"uuid": "ad850c46-fb51-4ab7-8f9c-bb8068043e15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/9207", "content": "#Github #Tools\n\n[WACV 2025] Official implementation of \"Face Anonymization Made Simple\"\n\nhttps://github.com/hanweikung/face_anon_simple\n\nTomcat CVE-2024-50379/CVE-2024-56337 \u6761\u4ef6\u7ade\u4e89\u6587\u4ef6\u4e0a\u4f20exp\n\nhttps://github.com/SleepingBag945/CVE-2024-50379\n\nHackthebox Theme For Terminal - A collection of config files for linux focusing on hackthebox theme based on the labsand academy platform.\n\nhttps://github.com/botnetbuddies/hackthebox-themes\n\nA BloodHound collector for Microsoft Configuration Manager\n\nhttps://github.com/CrowdStrike/sccmhound\n\nThis page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.\n\nhttps://github.com/cr0nx/awesome-linux-attack-forensics-purplelabs\n\nCVE-2024-50379 Exploitation and POC\n\nhttps://github.com/v3153/CVE-2024-50379-POC\n\n#HackersForum", "creation_timestamp": "2024-12-27T03:14:48.000000Z"}, {"uuid": "795a92dc-677c-4ccb-b798-81225b3cc461", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/9224", "content": "#Github #Tools\n\nTool for reverse engineering macOS/OS X.\n\nhttps://github.com/steven-michaud/HookCase\n\nCVE-2024-50379: RCE through a race condition in Apache Tomcat\n\nPoC\nhttps://github.com/ph0ebus/Tomcat-CVE-2024-50379-Poc?tab=readme-ov-file\n\nawesome-linux-attack-forensics-purplelabs : Hands-on research around advanced Linux attacks, detection and forensics techniques and tools \n\nhttps://github.com/cr0nx/awesome-linux-attack-forensics-purplelabs\n\nA tool for automating cracking methodologies through Hashcat from the TrustedSec team.\n\nhttps://github.com/trustedsec/hate_crack\n\nCrystalDump : Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!) : \n\nhttps://github.com/ricardojoserf/NativeDump/tree/crystal-flavour  \n\n#HackersForum", "creation_timestamp": "2024-12-30T05:01:52.000000Z"}, {"uuid": "083a0ec3-58d9-409f-a58d-6f23773069eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/4128", "content": "#GitHub #Tools \n\nA tool to abuse weak permissions of Active Directory Discretionary Access Control Lists (DACLs) and Access Control Entries (ACEs).\n\nhttps://github.com/Leo4j/PowerDACL\n\nTomcat CVE-2024-50379/CVE-2024-56337 \u6761\u4ef6\u7ade\u4e89\u6587\u4ef6\u4e0a\u4f20exp\n\nhttps://github.com/SleepingBag945/CVE-2024-50379\n\nShort, but interesting list of sensitive data and bug bounty dorks.\n\nhttps://github.com/fatguru/dorks\n\nOpen source obfuscation tool for .NET assemblies\n\nhttps://github.com/obfuscar/obfuscar\n\nCrlfuzz tool vs my nuclei template:\ncrlfuzz only detected crlf in one target from list but my template finded more with GBK encoding payload also.\n\nhttps://github.com/coffinxp/nuclei-templates/blob/main/cRlf.yaml\n\n#Tools@dilagrafie", "creation_timestamp": "2025-01-29T08:06:35.000000Z"}, {"uuid": "6e3fa79d-9507-4d40-a095-a5ba4c6ddcd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/4051", "content": "#Github #Tools\n\nTool for reverse engineering macOS/OS X.\n\nhttps://github.com/steven-michaud/HookCase\n\nCVE-2024-50379: RCE through a race condition in Apache Tomcat\n\nPoC\nhttps://github.com/ph0ebus/Tomcat-CVE-2024-50379-Poc?tab=readme-ov-file\n\nawesome-linux-attack-forensics-purplelabs : Hands-on research around advanced Linux attacks, detection and forensics techniques and tools \n\nhttps://github.com/cr0nx/awesome-linux-attack-forensics-purplelabs\n\nA tool for automating cracking methodologies through Hashcat from the TrustedSec team.\n\nhttps://github.com/trustedsec/hate_crack\n\nCrystalDump : Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!) : \n\nhttps://github.com/ricardojoserf/NativeDump/tree/crystal-flavour  \n\n#HackersForum", "creation_timestamp": "2024-12-30T05:01:43.000000Z"}, {"uuid": "d6c4a118-d7e4-45d5-9cbb-d998b249b09a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://t.me/dilagrafie/4036", "content": "#Github #Tools\n\n[WACV 2025] Official implementation of \"Face Anonymization Made Simple\"\n\nhttps://github.com/hanweikung/face_anon_simple\n\nTomcat CVE-2024-50379/CVE-2024-56337 \u6761\u4ef6\u7ade\u4e89\u6587\u4ef6\u4e0a\u4f20exp\n\nhttps://github.com/SleepingBag945/CVE-2024-50379\n\nHackthebox Theme For Terminal - A collection of config files for linux focusing on hackthebox theme based on the labsand academy platform.\n\nhttps://github.com/botnetbuddies/hackthebox-themes\n\nA BloodHound collector for Microsoft Configuration Manager\n\nhttps://github.com/CrowdStrike/sccmhound\n\nThis page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.\n\nhttps://github.com/cr0nx/awesome-linux-attack-forensics-purplelabs\n\nCVE-2024-50379 Exploitation and POC\n\nhttps://github.com/v3153/CVE-2024-50379-POC\n\n#HackersForum", "creation_timestamp": "2024-12-27T03:14:32.000000Z"}, {"uuid": "e9a82ad8-5ad5-4793-a85d-aa7051ab39f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7946", "content": "#GitHub #Tools \n\nA tool to abuse weak permissions of Active Directory Discretionary Access Control Lists (DACLs) and Access Control Entries (ACEs).\n\nhttps://github.com/Leo4j/PowerDACL\n\nTomcat CVE-2024-50379/CVE-2024-56337 \u6761\u4ef6\u7ade\u4e89\u6587\u4ef6\u4e0a\u4f20exp\n\nhttps://github.com/SleepingBag945/CVE-2024-50379\n\nShort, but interesting list of sensitive data and bug bounty dorks.\n\nhttps://github.com/fatguru/dorks\n\nOpen source obfuscation tool for .NET assemblies\n\nhttps://github.com/obfuscar/obfuscar\n\nCrlfuzz tool vs my nuclei template:\ncrlfuzz only detected crlf in one target from list but my template finded more with GBK encoding payload also.\n\nhttps://github.com/coffinxp/nuclei-templates/blob/main/cRlf.yaml\n\n#Tools@dilagrafie", "creation_timestamp": "2025-01-31T11:35:51.000000Z"}, {"uuid": "875d9fbf-df10-4749-9970-26d18d787a40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://t.me/GrayHatsHack/7788", "content": "#Github #Tools\n\n[WACV 2025] Official implementation of \"Face Anonymization Made Simple\"\n\nhttps://github.com/hanweikung/face_anon_simple\n\nTomcat CVE-2024-50379/CVE-2024-56337 \u6761\u4ef6\u7ade\u4e89\u6587\u4ef6\u4e0a\u4f20exp\n\nhttps://github.com/SleepingBag945/CVE-2024-50379\n\nHackthebox Theme For Terminal - A collection of config files for linux focusing on hackthebox theme based on the labsand academy platform.\n\nhttps://github.com/botnetbuddies/hackthebox-themes\n\nA BloodHound collector for Microsoft Configuration Manager\n\nhttps://github.com/CrowdStrike/sccmhound\n\nThis page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.\n\nhttps://github.com/cr0nx/awesome-linux-attack-forensics-purplelabs\n\nCVE-2024-50379 Exploitation and POC\n\nhttps://github.com/v3153/CVE-2024-50379-POC\n\n#HackersForum", "creation_timestamp": "2024-12-27T03:14:48.000000Z"}, {"uuid": "05c8abcd-cf79-4c26-ad1f-702364e51923", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://t.me/proxy_bar/2445", "content": "tomcat CVE-2024-50379/CVE-2024-56337\n*\n\u041f\u0440\u043e\u043a\u0430\u0447\u0430\u043d\u043d\u0430\u044f \u0432\u0435\u0440\u0441\u0438\u044f", "creation_timestamp": "2024-12-24T19:45:29.000000Z"}, {"uuid": "7190bb4f-1ecf-4efc-9a25-6a071ed8dd9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7803", "content": "#Github #Tools\n\nTool for reverse engineering macOS/OS X.\n\nhttps://github.com/steven-michaud/HookCase\n\nCVE-2024-50379: RCE through a race condition in Apache Tomcat\n\nPoC\nhttps://github.com/ph0ebus/Tomcat-CVE-2024-50379-Poc?tab=readme-ov-file\n\nawesome-linux-attack-forensics-purplelabs : Hands-on research around advanced Linux attacks, detection and forensics techniques and tools \n\nhttps://github.com/cr0nx/awesome-linux-attack-forensics-purplelabs\n\nA tool for automating cracking methodologies through Hashcat from the TrustedSec team.\n\nhttps://github.com/trustedsec/hate_crack\n\nCrystalDump : Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!) : \n\nhttps://github.com/ricardojoserf/NativeDump/tree/crystal-flavour  \n\n#HackersForum", "creation_timestamp": "2024-12-30T05:01:52.000000Z"}, {"uuid": "c1f0f15a-555b-4ec4-87cb-5913c7b5430c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50375", "type": "seen", "source": "https://t.me/true_secator/6491", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0442\u0440\u0435\u043d\u0434\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u043d\u0438\u043c\u0438 \u0443\u0433\u0440\u043e\u0437\u044b:\n\n1. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0432\u044b\u044f\u0441\u043d\u0438\u043b\u0438, \u0447\u0442\u043e \u043f\u0440\u043e\u0431\u043b\u0435\u0441\u043a\u043e\u0432 \u043c\u0430\u044f\u043a\u0438 \u043d\u0430 \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u044f\u0445 \u044d\u043a\u0441\u0442\u0440\u0435\u043d\u043d\u044b\u0445 \u0441\u043b\u0443\u0436\u0431 \u0432\u044b\u0437\u044b\u0432\u0430\u044e\u0442 \u044d\u0444\u0444\u0435\u043a\u0442 EpileptiCar, \u0444\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u043e\u0441\u043b\u0435\u043f\u043b\u044f\u044f \u043a\u0430\u043a \u043a\u043e\u043c\u043c\u0435\u0440\u0447\u0435\u0441\u043a\u0438\u0435, \u0442\u0430\u043a \u0438 \u043d\u0430 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Advanced Driver-Assistance Systems (ADAS) \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u0441\u0442\u0432\u0443\u044f \u0442\u0435\u043c \u0441\u0430\u043c\u044b\u043c \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044e \u0430\u0432\u0430\u0440\u0438\u0439\u043d\u044b\u0445 \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u0439.\n\n\u041f\u0440\u0438\u0447\u0435\u043c \u044d\u0444\u0444\u0435\u043a\u0442 EpileptiCar \u0443\u0441\u0438\u043b\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0432 \u043d\u043e\u0447\u043d\u043e\u0435 \u0432\u0440\u0435\u043c\u044f \u0441\u0443\u0442\u043e\u043a \u0438\u0437-\u0437\u0430 \u0440\u0430\u0441\u0441\u0442\u043e\u044f\u043d\u0438\u044f \u0434\u043e \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u0435\u0439 \u044d\u043a\u0441\u0442\u0440\u0435\u043d\u043d\u044b\u0445 \u0441\u043b\u0443\u0436\u0431, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043a \u0438 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0435\u0439 \u043a\u0430\u043c\u0435\u0440\u044b \u0431\u0435\u0441\u043f\u0438\u043b\u043e\u0442\u043d\u043e\u0433\u043e \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u044f.\n\n2. SSD Disclosure \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0430 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 Windows.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0431\u044b\u043b\u0430 \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0430 \u0432 \u0445\u043e\u0434\u0435 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u043a\u043e\u043d\u043a\u0443\u0440\u0441\u0430 TyphoonPWN 2024 \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 \u044d\u0442\u043e\u0433\u043e \u0433\u043e\u0434\u0430, \u043e\u0434\u043d\u0430\u043a\u043e Microsoft \u043f\u043e\u0441\u0447\u0438\u0442\u0430\u043b\u0430 \u0435\u0435 \u0434\u0443\u0431\u043b\u0438\u043a\u0430\u0442\u043e\u043c, \u0437\u0430\u044f\u0432\u043b\u044f\u044f, \u0447\u0442\u043e \u043e\u043d\u0430 \u0443\u0436\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430. \u0412 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043d\u0430\u0433\u043b\u044f\u0434\u043d\u043e \u043f\u043e\u043a\u0430\u0437\u0430\u043b\u0438, \u0447\u0442\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u043f\u043e-\u043f\u0440\u0435\u0436\u043d\u0435\u043c\u0443 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 Windows 11.\n\n3. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Source Incite \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 \u0441\u0442\u0430\u0442\u044c\u044e, \u043e\u0441\u0432\u0435\u0449\u0430\u044f \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0443\u044e \u0434\u043e \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0433\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0435 Spring Java, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f RCE.\n\n4. ERNW \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0430 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 command injection, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043f\u043e\u043c\u043e\u0433\u0430\u043b\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0432 Kemp LoadMaster \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 \u044d\u0442\u043e\u0433\u043e \u043c\u0435\u0441\u044f\u0446\u0430. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043e\u0448\u0438\u0431\u043a\u0430 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2024-7591 \u0438 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438\u00a010/10.\n\n5. \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0441\u043c\u043e\u0433 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e \u043d\u0430 \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u043c \u043f\u043e\u0440\u0442\u0430\u043b\u0435 Microsoft Partner. Microsoft \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0430 \u0430\u0442\u0430\u043a\u0443 \u043d\u0430 \u044d\u0442\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435 \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430\u00a0\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435. \u041a\u0430\u043a\u0438\u0435-\u043b\u0438\u0431\u043e \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043e\u0431 \u0430\u0442\u0430\u043a\u0435 \u043d\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u044e\u0442\u0441\u044f.\n\n6. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Nozomi Networks \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043e\u043a\u043e\u043b\u043e \u0434\u0432\u0443\u0445 \u0434\u0435\u0441\u044f\u0442\u043a\u043e\u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u044b\u0445 \u0442\u043e\u0447\u043a\u0430\u0445 \u0431\u0435\u0441\u043f\u0440\u043e\u0432\u043e\u0434\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 Advantech EKI, \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0441 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438.\n\n6 \u0438\u0437 20 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 (\u043e\u0442 CVE-2024-50370 \u0434\u043e CVE-2024-50375 \u0441 CVSS: 9,8) \u0431\u044b\u043b\u0438 \u043f\u0440\u0438\u0437\u043d\u0430\u043d\u044b \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u043c\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c \u043f\u0443\u0442\u0435\u043c \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u0431\u044d\u043a\u0434\u043e\u0440\u0430, \u0432\u044b\u0437\u0432\u0430\u0442\u044c DoS \u0438 \u0434\u0430\u0436\u0435 \u043f\u0435\u0440\u0435\u043f\u0440\u043e\u0444\u0438\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u043d\u044b\u0435 \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u0435 \u0442\u043e\u0447\u043a\u0438 \u0432 \u0440\u0430\u0431\u043e\u0447\u0438\u0435 \u0441\u0442\u0430\u043d\u0446\u0438\u0438 Linux \u0434\u043b\u044f \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0433\u043e\u0440\u0438\u0437\u043e\u043d\u0442\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u044f.\n\n\u0415\u0449\u0435 \u043e\u0434\u043d\u0430 CVE-2024-50376 (CVSS: 7,3) \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 CVE-2024-50359 (CVSS: 7,2) \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u043f\u043e \u0431\u0435\u0441\u043f\u0440\u043e\u0432\u043e\u0434\u043d\u043e\u0439 \u0441\u0435\u0442\u0438.\n\n7. \u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 Jenkins \u0430\u043d\u043e\u043d\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0438 \u0434\u0432\u0443\u0445 \u043f\u043b\u0430\u0433\u0438\u043d\u043e\u0432.", "creation_timestamp": "2024-11-29T17:20:05.000000Z"}, {"uuid": "e85f81f6-734b-44f1-a3f5-d0ee7ff90a56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50370", "type": "seen", "source": "https://t.me/true_secator/6491", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0442\u0440\u0435\u043d\u0434\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u043d\u0438\u043c\u0438 \u0443\u0433\u0440\u043e\u0437\u044b:\n\n1. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0432\u044b\u044f\u0441\u043d\u0438\u043b\u0438, \u0447\u0442\u043e \u043f\u0440\u043e\u0431\u043b\u0435\u0441\u043a\u043e\u0432 \u043c\u0430\u044f\u043a\u0438 \u043d\u0430 \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u044f\u0445 \u044d\u043a\u0441\u0442\u0440\u0435\u043d\u043d\u044b\u0445 \u0441\u043b\u0443\u0436\u0431 \u0432\u044b\u0437\u044b\u0432\u0430\u044e\u0442 \u044d\u0444\u0444\u0435\u043a\u0442 EpileptiCar, \u0444\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u043e\u0441\u043b\u0435\u043f\u043b\u044f\u044f \u043a\u0430\u043a \u043a\u043e\u043c\u043c\u0435\u0440\u0447\u0435\u0441\u043a\u0438\u0435, \u0442\u0430\u043a \u0438 \u043d\u0430 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Advanced Driver-Assistance Systems (ADAS) \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u0441\u0442\u0432\u0443\u044f \u0442\u0435\u043c \u0441\u0430\u043c\u044b\u043c \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044e \u0430\u0432\u0430\u0440\u0438\u0439\u043d\u044b\u0445 \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u0439.\n\n\u041f\u0440\u0438\u0447\u0435\u043c \u044d\u0444\u0444\u0435\u043a\u0442 EpileptiCar \u0443\u0441\u0438\u043b\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0432 \u043d\u043e\u0447\u043d\u043e\u0435 \u0432\u0440\u0435\u043c\u044f \u0441\u0443\u0442\u043e\u043a \u0438\u0437-\u0437\u0430 \u0440\u0430\u0441\u0441\u0442\u043e\u044f\u043d\u0438\u044f \u0434\u043e \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u0435\u0439 \u044d\u043a\u0441\u0442\u0440\u0435\u043d\u043d\u044b\u0445 \u0441\u043b\u0443\u0436\u0431, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043a \u0438 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0435\u0439 \u043a\u0430\u043c\u0435\u0440\u044b \u0431\u0435\u0441\u043f\u0438\u043b\u043e\u0442\u043d\u043e\u0433\u043e \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u044f.\n\n2. SSD Disclosure \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0430 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 Windows.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0431\u044b\u043b\u0430 \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0430 \u0432 \u0445\u043e\u0434\u0435 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u043a\u043e\u043d\u043a\u0443\u0440\u0441\u0430 TyphoonPWN 2024 \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 \u044d\u0442\u043e\u0433\u043e \u0433\u043e\u0434\u0430, \u043e\u0434\u043d\u0430\u043a\u043e Microsoft \u043f\u043e\u0441\u0447\u0438\u0442\u0430\u043b\u0430 \u0435\u0435 \u0434\u0443\u0431\u043b\u0438\u043a\u0430\u0442\u043e\u043c, \u0437\u0430\u044f\u0432\u043b\u044f\u044f, \u0447\u0442\u043e \u043e\u043d\u0430 \u0443\u0436\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430. \u0412 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043d\u0430\u0433\u043b\u044f\u0434\u043d\u043e \u043f\u043e\u043a\u0430\u0437\u0430\u043b\u0438, \u0447\u0442\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u043f\u043e-\u043f\u0440\u0435\u0436\u043d\u0435\u043c\u0443 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 Windows 11.\n\n3. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Source Incite \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 \u0441\u0442\u0430\u0442\u044c\u044e, \u043e\u0441\u0432\u0435\u0449\u0430\u044f \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0443\u044e \u0434\u043e \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0433\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0435 Spring Java, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f RCE.\n\n4. ERNW \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0430 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 command injection, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043f\u043e\u043c\u043e\u0433\u0430\u043b\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0432 Kemp LoadMaster \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 \u044d\u0442\u043e\u0433\u043e \u043c\u0435\u0441\u044f\u0446\u0430. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043e\u0448\u0438\u0431\u043a\u0430 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2024-7591 \u0438 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438\u00a010/10.\n\n5. \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0441\u043c\u043e\u0433 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e \u043d\u0430 \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u043c \u043f\u043e\u0440\u0442\u0430\u043b\u0435 Microsoft Partner. Microsoft \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0430 \u0430\u0442\u0430\u043a\u0443 \u043d\u0430 \u044d\u0442\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435 \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430\u00a0\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435. \u041a\u0430\u043a\u0438\u0435-\u043b\u0438\u0431\u043e \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043e\u0431 \u0430\u0442\u0430\u043a\u0435 \u043d\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u044e\u0442\u0441\u044f.\n\n6. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Nozomi Networks \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043e\u043a\u043e\u043b\u043e \u0434\u0432\u0443\u0445 \u0434\u0435\u0441\u044f\u0442\u043a\u043e\u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u044b\u0445 \u0442\u043e\u0447\u043a\u0430\u0445 \u0431\u0435\u0441\u043f\u0440\u043e\u0432\u043e\u0434\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 Advantech EKI, \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0441 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438.\n\n6 \u0438\u0437 20 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 (\u043e\u0442 CVE-2024-50370 \u0434\u043e CVE-2024-50375 \u0441 CVSS: 9,8) \u0431\u044b\u043b\u0438 \u043f\u0440\u0438\u0437\u043d\u0430\u043d\u044b \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u043c\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c \u043f\u0443\u0442\u0435\u043c \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u0431\u044d\u043a\u0434\u043e\u0440\u0430, \u0432\u044b\u0437\u0432\u0430\u0442\u044c DoS \u0438 \u0434\u0430\u0436\u0435 \u043f\u0435\u0440\u0435\u043f\u0440\u043e\u0444\u0438\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u043d\u044b\u0435 \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u0435 \u0442\u043e\u0447\u043a\u0438 \u0432 \u0440\u0430\u0431\u043e\u0447\u0438\u0435 \u0441\u0442\u0430\u043d\u0446\u0438\u0438 Linux \u0434\u043b\u044f \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0433\u043e\u0440\u0438\u0437\u043e\u043d\u0442\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u044f.\n\n\u0415\u0449\u0435 \u043e\u0434\u043d\u0430 CVE-2024-50376 (CVSS: 7,3) \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 CVE-2024-50359 (CVSS: 7,2) \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u043f\u043e \u0431\u0435\u0441\u043f\u0440\u043e\u0432\u043e\u0434\u043d\u043e\u0439 \u0441\u0435\u0442\u0438.\n\n7. \u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 Jenkins \u0430\u043d\u043e\u043d\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0438 \u0434\u0432\u0443\u0445 \u043f\u043b\u0430\u0433\u0438\u043d\u043e\u0432.", "creation_timestamp": "2024-11-29T17:20:05.000000Z"}, {"uuid": "1b3d627c-6217-4f21-9a6b-a0faffa8c279", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50376", "type": "seen", "source": "https://t.me/true_secator/6491", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0442\u0440\u0435\u043d\u0434\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u043d\u0438\u043c\u0438 \u0443\u0433\u0440\u043e\u0437\u044b:\n\n1. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0432\u044b\u044f\u0441\u043d\u0438\u043b\u0438, \u0447\u0442\u043e \u043f\u0440\u043e\u0431\u043b\u0435\u0441\u043a\u043e\u0432 \u043c\u0430\u044f\u043a\u0438 \u043d\u0430 \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u044f\u0445 \u044d\u043a\u0441\u0442\u0440\u0435\u043d\u043d\u044b\u0445 \u0441\u043b\u0443\u0436\u0431 \u0432\u044b\u0437\u044b\u0432\u0430\u044e\u0442 \u044d\u0444\u0444\u0435\u043a\u0442 EpileptiCar, \u0444\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u043e\u0441\u043b\u0435\u043f\u043b\u044f\u044f \u043a\u0430\u043a \u043a\u043e\u043c\u043c\u0435\u0440\u0447\u0435\u0441\u043a\u0438\u0435, \u0442\u0430\u043a \u0438 \u043d\u0430 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Advanced Driver-Assistance Systems (ADAS) \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u0441\u0442\u0432\u0443\u044f \u0442\u0435\u043c \u0441\u0430\u043c\u044b\u043c \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044e \u0430\u0432\u0430\u0440\u0438\u0439\u043d\u044b\u0445 \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u0439.\n\n\u041f\u0440\u0438\u0447\u0435\u043c \u044d\u0444\u0444\u0435\u043a\u0442 EpileptiCar \u0443\u0441\u0438\u043b\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0432 \u043d\u043e\u0447\u043d\u043e\u0435 \u0432\u0440\u0435\u043c\u044f \u0441\u0443\u0442\u043e\u043a \u0438\u0437-\u0437\u0430 \u0440\u0430\u0441\u0441\u0442\u043e\u044f\u043d\u0438\u044f \u0434\u043e \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u0435\u0439 \u044d\u043a\u0441\u0442\u0440\u0435\u043d\u043d\u044b\u0445 \u0441\u043b\u0443\u0436\u0431, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043a \u0438 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0435\u0439 \u043a\u0430\u043c\u0435\u0440\u044b \u0431\u0435\u0441\u043f\u0438\u043b\u043e\u0442\u043d\u043e\u0433\u043e \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u044f.\n\n2. SSD Disclosure \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0430 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 Windows.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0431\u044b\u043b\u0430 \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0430 \u0432 \u0445\u043e\u0434\u0435 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u043a\u043e\u043d\u043a\u0443\u0440\u0441\u0430 TyphoonPWN 2024 \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 \u044d\u0442\u043e\u0433\u043e \u0433\u043e\u0434\u0430, \u043e\u0434\u043d\u0430\u043a\u043e Microsoft \u043f\u043e\u0441\u0447\u0438\u0442\u0430\u043b\u0430 \u0435\u0435 \u0434\u0443\u0431\u043b\u0438\u043a\u0430\u0442\u043e\u043c, \u0437\u0430\u044f\u0432\u043b\u044f\u044f, \u0447\u0442\u043e \u043e\u043d\u0430 \u0443\u0436\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430. \u0412 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043d\u0430\u0433\u043b\u044f\u0434\u043d\u043e \u043f\u043e\u043a\u0430\u0437\u0430\u043b\u0438, \u0447\u0442\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u043f\u043e-\u043f\u0440\u0435\u0436\u043d\u0435\u043c\u0443 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 Windows 11.\n\n3. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Source Incite \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 \u0441\u0442\u0430\u0442\u044c\u044e, \u043e\u0441\u0432\u0435\u0449\u0430\u044f \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0443\u044e \u0434\u043e \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0433\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0435 Spring Java, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f RCE.\n\n4. ERNW \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0430 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 command injection, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043f\u043e\u043c\u043e\u0433\u0430\u043b\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0432 Kemp LoadMaster \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 \u044d\u0442\u043e\u0433\u043e \u043c\u0435\u0441\u044f\u0446\u0430. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043e\u0448\u0438\u0431\u043a\u0430 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2024-7591 \u0438 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438\u00a010/10.\n\n5. \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0441\u043c\u043e\u0433 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e \u043d\u0430 \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u043c \u043f\u043e\u0440\u0442\u0430\u043b\u0435 Microsoft Partner. Microsoft \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0430 \u0430\u0442\u0430\u043a\u0443 \u043d\u0430 \u044d\u0442\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435 \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430\u00a0\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435. \u041a\u0430\u043a\u0438\u0435-\u043b\u0438\u0431\u043e \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043e\u0431 \u0430\u0442\u0430\u043a\u0435 \u043d\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u044e\u0442\u0441\u044f.\n\n6. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Nozomi Networks \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043e\u043a\u043e\u043b\u043e \u0434\u0432\u0443\u0445 \u0434\u0435\u0441\u044f\u0442\u043a\u043e\u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u044b\u0445 \u0442\u043e\u0447\u043a\u0430\u0445 \u0431\u0435\u0441\u043f\u0440\u043e\u0432\u043e\u0434\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 Advantech EKI, \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0441 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438.\n\n6 \u0438\u0437 20 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 (\u043e\u0442 CVE-2024-50370 \u0434\u043e CVE-2024-50375 \u0441 CVSS: 9,8) \u0431\u044b\u043b\u0438 \u043f\u0440\u0438\u0437\u043d\u0430\u043d\u044b \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u043c\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c \u043f\u0443\u0442\u0435\u043c \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u0431\u044d\u043a\u0434\u043e\u0440\u0430, \u0432\u044b\u0437\u0432\u0430\u0442\u044c DoS \u0438 \u0434\u0430\u0436\u0435 \u043f\u0435\u0440\u0435\u043f\u0440\u043e\u0444\u0438\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u043d\u044b\u0435 \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u0435 \u0442\u043e\u0447\u043a\u0438 \u0432 \u0440\u0430\u0431\u043e\u0447\u0438\u0435 \u0441\u0442\u0430\u043d\u0446\u0438\u0438 Linux \u0434\u043b\u044f \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0433\u043e\u0440\u0438\u0437\u043e\u043d\u0442\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u044f.\n\n\u0415\u0449\u0435 \u043e\u0434\u043d\u0430 CVE-2024-50376 (CVSS: 7,3) \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 CVE-2024-50359 (CVSS: 7,2) \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u043f\u043e \u0431\u0435\u0441\u043f\u0440\u043e\u0432\u043e\u0434\u043d\u043e\u0439 \u0441\u0435\u0442\u0438.\n\n7. \u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 Jenkins \u0430\u043d\u043e\u043d\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0438 \u0434\u0432\u0443\u0445 \u043f\u043b\u0430\u0433\u0438\u043d\u043e\u0432.", "creation_timestamp": "2024-11-29T17:20:05.000000Z"}, {"uuid": "9184acca-ae5c-41d1-8946-681e02ebbd5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://t.me/CyberBulletin/26846", "content": "\u26a1\ufe0fRCE and DoS Vulnerabilities Addressed in Apache Tomcat: CVE-2024-50379 and CVE-2024-54677.\n\n#CyberBulletin", "creation_timestamp": "2024-12-18T12:14:46.000000Z"}, {"uuid": "f7e8174a-63e6-4dd2-bd91-bebd0b4c34c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://t.me/thehackernews/6084", "content": "\u26a1 A new remote code execution flaw in Apache Tomcat (CVE-2024-56337) exposes organizations to serious risk.\n\nAn uploaded file could turn into malicious JSP code\u2014resulting in remote code execution.\n\n\u00bb Affected Versions: Tomcat 9.0.0-M1 to 11.0.1\n\u00bb Java users: Incorrect configurations = higher risk.\n\u00bb Severity? CVE-2024-50379 scored a 9.8 on CVSS!\n\nDetails here \ud83d\udc49 https://thehackernews.com/2024/12/apache-tomcat-vulnerability-cve-2024.html", "creation_timestamp": "2024-12-24T07:10:43.000000Z"}, {"uuid": "c6a90dcc-3147-41d6-8067-b842fb496931", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/6582", "content": "Apache Software Foundation (ASF) \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0432\u0430\u0436\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u043c \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 Tomcat, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u0440\u0438 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a RCE.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2024-56337 \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0443\u0434\u0430\u0432\u0448\u0438\u043c\u0441\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0435\u043c \u0434\u0440\u0443\u0433\u043e\u0439 CVE-2024-50379 (CVSS: 9,8), \u0435\u0449\u0435 \u043e\u0434\u043d\u043e\u0439 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 \u0442\u043e\u043c \u0436\u0435 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0435, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0431\u044b\u043b\u0430 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u0440\u0430\u043d\u0435\u0435 17 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2024 \u0433\u043e\u0434\u0430.\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u043c \u0441 Tomcat \u0432 \u0444\u0430\u0439\u043b\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435, \u043d\u0435\u0447\u0443\u0432\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u043a \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0443, \u0441 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0441\u0435\u0440\u0432\u043b\u0435\u0442\u0430 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e (\u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 \u0438\u043d\u0438\u0446\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u00ab\u0442\u043e\u043b\u044c\u043a\u043e \u0434\u043b\u044f \u0447\u0442\u0435\u043d\u0438\u044f\u00bb \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d \u043d\u0430 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 false, \u043e\u0442\u043b\u0438\u0447\u043d\u043e\u0435 \u043e\u0442 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e), \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0442\u0440\u0435\u0431\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u0430\u044f \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 \u0434\u043b\u044f \u043f\u043e\u043b\u043d\u043e\u0433\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2024-50379 \u0432 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0442 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a\u0430\u044f \u0432\u0435\u0440\u0441\u0438\u044f Java \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0441 Tomcat.\n\n\u041e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u044b \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435\u043c \u0433\u043e\u043d\u043a\u0438 \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f (TOCTOU), \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430 \u0432 \u0444\u0430\u0439\u043b\u043e\u0432\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445, \u043d\u0435\u0447\u0443\u0432\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u043a \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0443, \u043a\u043e\u0433\u0434\u0430 \u0441\u0435\u0440\u0432\u043b\u0435\u0442 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0432\u043a\u043b\u044e\u0447\u0435\u043d \u0434\u043b\u044f \u0437\u0430\u043f\u0438\u0441\u0438.\n\n\u041e\u0434\u043d\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0435 \u0447\u0442\u0435\u043d\u0438\u0435 \u0438 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0430 \u043f\u0440\u0438 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0435 \u043e\u0434\u043d\u043e\u0433\u043e \u0438 \u0442\u043e\u0433\u043e \u0436\u0435 \u0444\u0430\u0439\u043b\u0430 \u043c\u043e\u0436\u0435\u0442 \u043e\u0431\u043e\u0439\u0442\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0447\u0443\u0432\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 Tomcat \u043a \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0443 \u0438 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0442\u043e\u043c\u0443, \u0447\u0442\u043e \u0437\u0430\u0433\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0439 \u0444\u0430\u0439\u043b \u0431\u0443\u0434\u0435\u0442 \u0440\u0430\u0441\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u0442\u044c\u0441\u044f \u043a\u0430\u043a JSP, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u0442 \u043a RCE.\n\nCVE-2024-56337 \u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 Apache Tomcat: \n- 11.0.0-M1 \u0434\u043e 11.0.1 (\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0432 11.0.2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438);\n- 10.1.0-M1 \u0434\u043e 10.1.33 (\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0432 10.1.34 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438);\n- 9.0.0.M1 \u2013 9.0.97 (\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0432 9.0.98 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438).\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0432 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 Java:\n\n- Java 8 \u0438\u043b\u0438 Java 11: \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0437\u0430\u0434\u0430\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u043e\u043c\u0443 \u0441\u0432\u043e\u0439\u0441\u0442\u0432\u0443 sun.io.useCanonCaches \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 false (\u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e true);\n\n- Java 17: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u043e\u0435 \u0441\u0432\u043e\u0439\u0441\u0442\u0432\u043e sun.io.useCanonCaches \u0432 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 false, \u0435\u0441\u043b\u0438 \u043e\u043d\u043e \u0443\u0436\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043e (\u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e false);\n\n- Java 21 \u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0438\u0435 \u0432\u0435\u0440\u0441\u0438\u0438: \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439 \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f, \u0442\u0430\u043a \u043a\u0430\u043a \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u043e\u0435 \u0441\u0432\u043e\u0439\u0441\u0442\u0432\u043e \u0443\u0434\u0430\u043b\u0435\u043d\u043e.\n\nASF \u0432\u044b\u0440\u0430\u0437\u0438\u043b\u0430 \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u043d\u043e\u0441\u0442\u044c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c Nacl, WHOAMI, Yemoli \u0438 Ruozhi \u0437\u0430 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0435 \u043e\u0431 \u043e\u0431\u043e\u0438\u0445 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u0445, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u0435 KnownSec 404 \u0437\u0430 \u043d\u0435\u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 CVE-2024-56337 \u0441 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c PoC.", "creation_timestamp": "2024-12-25T15:20:25.000000Z"}, {"uuid": "e98ecdff-906b-43a3-a992-40dd5c3dc2e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "https://t.me/CyberBulletin/26924", "content": "\u26a1\ufe0fDeep Dive & POC of CVE-2024-50379 Exploit Tomcat Vulnerability (9.8 Severity).\n\n#CyberBulletin", "creation_timestamp": "2024-12-27T01:03:13.000000Z"}, {"uuid": "2c2cd329-2b46-49da-90f8-796e499f4df2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "https://t.me/ckeArsenal/232", "content": "https://github.com/ph0ebus/Tomcat-CVE-2024-50379-Poc\n\nRCE through a race condition in Apache Tomcat\n#github #poc", "creation_timestamp": "2024-12-22T03:43:00.000000Z"}, {"uuid": "c8e006e4-9338-4dc6-9034-7d15fc1fa8ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11595", "content": "#exploit\n1. CVE-2024-50379:\nApache Tomcat RCE\nhttps://github.com/ph0ebus/Tomcat-CVE-2024-50379-Poc\n\n2. CVE-2024-48990:\nQualys needrestart <3.8 - Uncontrolled Search Path Element\nhttps://github.com/makuga01/CVE-2024-48990-PoC", "creation_timestamp": "2024-12-23T15:32:22.000000Z"}, {"uuid": "543e062f-6005-432c-817f-7a79e4e54356", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "seen", "source": "https://t.me/suboxone_chatroom/941", "content": "\u26a1\ufe0fCVE-2024-50379/CVE-2024-56337 : Apache Tomcat Patches Critical RCE Vulnerability\n\n\ud83d\udd25Exploit : https://github.com/SleepingBag945/CVE-2024-50379\n\n\ud83d\udc47Dorks:\nHUNTER :/product.name=\"Apache Tomcat\"\nFOFA : product=\"Apache-Tomcat\"\nSHODAN : product:\"Apache-Tomcat\"", "creation_timestamp": "2025-01-13T11:04:46.000000Z"}, {"uuid": "434b7a3e-8248-48f2-b5cd-3e002107b143", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50379", "type": "published-proof-of-concept", "source": "https://t.me/suboxone_chatroom/1572", "content": "#exploit\n1. CVE-2024-50379:\nApache Tomcat RCE\nhttps://github.com/ph0ebus/Tomcat-CVE-2024-50379-Poc\n\n2. CVE-2024-48990:\nQualys needrestart <3.8 - Uncontrolled Search Path Element\nhttps://github.com/makuga01/CVE-2024-48990-PoC", "creation_timestamp": "2025-01-27T07:07:37.000000Z"}]}