CVE-2024-21733

Published: 19/01/2024 Updated: 16/02/2024
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 up to and including 8.5.63, from 9.0.0-M11 up to and including 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.

Vulnerable Product

apache tomcat 9.0.0

apache tomcat

Vendor Advisories

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue (CVE-2024-21733) ...
Description: This CVE is under investigation by Red Hat Product Security ...

Exploits

Apache Tomcat suffers from a client-side de-sync vulnerability via HTTP request smuggling. Apache Tomcat versions 8.5.7 through 8.5.63 and 9.0.0-M11 through 9.0.43 are vulnerable ...

Mailing Lists

oss-sec mailing list archives: CVE-2024-21733: Apache Tomcat: Leaking of unrelated request bodies in default error page ...