Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43.
Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/176951/Apache-Tomcat-8.5.63-9.0.43-HTTP-Response-Smuggling.html | |
http://www.openwall.com/lists/oss-security/2024/01/19/2 | Mailing List Patch Third Party Advisory |
https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz | Mailing List Patch Vendor Advisory |
https://security.netapp.com/advisory/ntap-20240216-0005/ |
Configurations
Configuration 1 (hide)
|
History
16 Feb 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Feb 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Jan 2024, 13:51
Type | Values Removed | Values Added |
---|---|---|
References | () https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz - Mailing List, Patch, Vendor Advisory | |
References | () http://www.openwall.com/lists/oss-security/2024/01/19/2 - Mailing List, Patch, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
First Time |
Apache
Apache tomcat |
|
CPE | cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:* |
19 Jan 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-19 11:15
Updated : 2024-02-28 20:54
NVD link : CVE-2024-21733
Mitre link : CVE-2024-21733
CVE.ORG link : CVE-2024-21733
JSON object : View
Products Affected
apache
- tomcat
CWE
CWE-209
Generation of Error Message Containing Sensitive Information