cvelist / Apache / CVELIST:CVE-2024-21733
Jan 19, 2024 - 10:29 a.m.

CVE-2024-21733 Apache Tomcat: Leaking of unrelated request bodies in default error page

2024-01-19 10:29:04
CWE-209
apache
www.cve.org

AI Score: 5.9 Medium (Confidence: High)

EPSS: 0.007 Low (Percentile: 80.2%)

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43.

Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Tomcat",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "8.5.63",
        "status": "affected",
        "version": "8.5.7",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.0.43",
        "status": "affected",
        "version": "9.0.0-M11",
        "versionType": "semver"
      }
    ]
  }
]
