From 59958780af64567ac4b66d6775b59b5808994031 Mon Sep 17 00:00:00 2001
From: TWangmo <125948963+TWangmo@users.noreply.github.com>
Date: Mon, 23 Dec 2024 15:08:15 +0800
Subject: [PATCH] 20241223003-Apache-Tomcat-Patches-Critical-RCE-Vulnerability
 (#1140)

* 20241105001-Ricoh-Critical-Update

* Format markdown docs

* Update 20241105001

Updated reference link format

* 20241120002-CISA-New-ICS-Advisories

* Format markdown docs

* Update 20241120002

* Format markdown docs

* 20241219002-CISA-Releases-New-ICS-Advisories

* Format markdown docs

* Update 20241219002

Reference format change.

* 20241223003-Apache-Tomcat-Patches-Critical-RCE-Vulnerability

* Format markdown docs

---------

Co-authored-by: TWangmo <TWangmo@users.noreply.github.com>
Co-authored-by: JadonWill <117053393+JadonWill@users.noreply.github.com>
Co-authored-by: JadonWill <JadonWill@users.noreply.github.com>
---
 ...mcat-Patches-Critical-RCE-Vulnerability.md | 25 +++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 docs/advisories/20241223003-Apache-Tomcat-Patches-Critical-RCE-Vulnerability.md

diff --git a/docs/advisories/20241223003-Apache-Tomcat-Patches-Critical-RCE-Vulnerability.md b/docs/advisories/20241223003-Apache-Tomcat-Patches-Critical-RCE-Vulnerability.md
new file mode 100644
index 00000000..47bccc28
--- /dev/null
+++ b/docs/advisories/20241223003-Apache-Tomcat-Patches-Critical-RCE-Vulnerability.md
@@ -0,0 +1,25 @@
+# Apache Tomcat Patches Critical RCE Vulnerability - 20241223003
+
+## Overview
+
+The Apache Software Foundation has recently released a critical security update addressing a remote code execution (RCE) vulnerability in that affects a wide range of Tomcat versions.
+
+## What is vulnerable?
+
+| Product(s) Affected | Version(s)                                                                                                              | CVE                                                                | CVSS | Severity     |
+| ------------------- | ----------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------ | ---- | ------------ |
+| Aapche Tomcat       | - Apache Tomcat 11.0.0-M1 to 11.0.1 <br/> - Apache Tomcat 10.1.0-M1 to 10.1.33 <br/> - Apache Tomcat 9.0.0.M1 to 9.0.97 | [ CVE-2024-56337](https://nvd.nist.gov/vuln/detail/CVE-2024-56337) | 9.8  | **Critical** |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- Apache: https://lists.apache.org/thread/b2b9qrgjrz1kvo4ym8y2wkfdvwoq6qbp
+
+## Additional References
+
+- Security Online: https://securityonline.info/cve-2024-56337-apache-tomcat-patches-critical-rce-vulnerability/