Tomcat Vulnerabilities CVE-2024-50379 and CVE-2024-56337 in Liferay DXP
Issue
- Vulnerability for Tomcat discovered after moving to Liferay DXP 7.4.
- How to remediate Apache Tomcat 9 Remote Code Execution (RCE) Via Write Enabled Default Servlet Vulnerability (CVE-2024-50379) and Denial of Service (DoS) via OutOfMemoryError (CVE-2024-56337).
Environment
- Liferay DXP 7.4
- Apache Tomcat 9.0.0.M1 to 9.0.97
Resolution
- These vulnerabilities are not exploitable in Liferay DXP default bundles because they require a change to the default `init` parameter of the default servlet. They are also not exploitable on case-sensitive operating systems like Linux.
- If these vulnerabilities are still a concern, you can mitigate them by upgrading to a Tomcat version where the issue is fixed, such as Tomcat 9.0.98.
- If using Docker, see the documentation on Providing Files to the Container for instructions on how to provide the updated Tomcat bundle to the Docker container. Alternatively, you can create your own bundle locally by following the documentation on Installing on Tomcat.
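As an added triage example (not from this article or from Liferay's own code), the script below applies the three conditions above to a Tomcat version banner and a `conf/web.xml`. It assumes, since the article does not name it, that the relevant default servlet init parameter is Tomcat's `readonly` (default `true`), and that the operator supplies whether the file system is case-insensitive; the sample `web.xml` is constructed, not a real Liferay file.

```python
# Added triage script (not the article's): checks the article's three conditions for
# CVE-2024-50379 / CVE-2024-56337. Assumes the DefaultServlet init-param is `readonly`.
import re
import xml.etree.ElementTree as ET

FIXED_VERSION = (9, 0, 98)  # first release the article cites as fixed
DEFAULT_SERVLET = "org.apache.catalina.servlets.DefaultServlet"

def parse_tomcat_version(banner):
    """Turn a banner such as 'Apache Tomcat/9.0.97' into the tuple (9, 0, 97)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError(f"no version found in {banner!r}")
    return tuple(int(x) for x in m.groups())

def default_servlet_writable(web_xml_text):
    """True if conf/web.xml sets readonly=false on the DefaultServlet (assumed parameter)."""
    root = ET.fromstring(web_xml_text)
    for el in root.iter():  # drop the XML namespace so plain tag names match
        el.tag = el.tag.rsplit("}", 1)[-1]
    for servlet in root.iter("servlet"):
        if (servlet.findtext("servlet-class") or "").strip() != DEFAULT_SERVLET:
            continue
        for param in servlet.findall("init-param"):
            name = (param.findtext("param-name") or "").strip()
            value = (param.findtext("param-value") or "").strip().lower()
            if name == "readonly" and value == "false":
                return True
    return False

def assess(banner, web_xml_text, case_insensitive_fs):
    """Apply the article's conditions in order and return a verdict string."""
    if parse_tomcat_version(banner) >= FIXED_VERSION:
        return "not affected: Tomcat version already contains the fix"
    if not default_servlet_writable(web_xml_text):
        return "not affected: default servlet is still read-only (bundle default)"
    if not case_insensitive_fs:
        return "not affected: case-sensitive file system"
    return "affected: upgrade Tomcat to 9.0.98 or later"

# Constructed sample of a modified conf/web.xml (not a real Liferay file).
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <servlet>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""

VERDICT = assess("Apache Tomcat/9.0.97", SAMPLE_WEB_XML, case_insensitive_fs=True)
```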