Vulnerability CVE-2024-50379 affecting TeamCity Installations on case-insensitive server

Hello,

the above-mentioned vulnerability CVE-2024-50379 affects Tomcat installations 9.0.0.M1 through 9.0.97 among others.  We have a TeamCity running on premise on Windows Server 2019 with version 2024.12 and build number 174331.  Looking at the logs of the server, the installed Tomcat version is 9.0.96.  

According to the notes on the vulnerability, this Tomcat version is affected.

Can you please provide information on this issue?  Is the TeamCity installation affected?  Can we do something to remedy the issue?

Best

Nasser Brake

0
2 comments
Hi Nasser,

We're planning to update the bundled Tomcat version in the next minor release of TeamCity (2024.12.1), scheduled for this month.
It is also possible to use TeamCity with non-bundled Tomcat: https://www.jetbrains.com/help/teamcity/how-to.html#Install+Non-Bundled+Version+of+Tomcat
Please let me know if you have any additional questions.

Best regards,
Anton
0

It seems like the TeamCity team needs to be pinged quite often when there is a vulnerability in Tomcat to include it in TeamCity.

1
