Summary
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).
Products Potentially Affected
|
OS/Product
|
Exposure
|
|
ExtremeAnalytics for Site Engine
|
Yes
|
|
ExtremeCloud IQ - Site Engine (XIQ-SE)
|
No
|
|
ExtremeControl for Site Engine
|
Yes
|
Repair Recommendations
ExtremeAnalytics for Site Engine:
- Fixed in 24.10.13 or later.
ExtremeControl for Site Engine:
- Fixed in 24.10.13 or later
Please see the full security advisory article here for more details and updates.
