Lucene search

PRIOn knowledge basePRION:CVE-2024-21733

HistoryJan 19, 2024 - 11:15 a.m.

Information disclosure

2024-01-1911:15:00

PRIOn knowledge base

www.prio-n.com

apache tomcat

information disclosure

error message

upgrade

nvd

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.007 Low

EPSS

Percentile

79.7%

JSON

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43.

Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.

CPENameOperatorVersion
tomcateq9.0.0 milestone11
tomcateq9.0.0 milestone12
tomcateq9.0.0 milestone13
tomcateq9.0.0 milestone14
tomcateq9.0.0 milestone15
tomcateq9.0.0 milestone16
tomcateq9.0.0 milestone17
tomcateq9.0.0 milestone18
tomcateq9.0.0 milestone19
tomcateq9.0.0 milestone20

Name	Operator	Version
tomcat	eq	9.0.0 milestone11
tomcat	eq	9.0.0 milestone12
tomcat	eq	9.0.0 milestone13
tomcat	eq	9.0.0 milestone14
tomcat	eq	9.0.0 milestone15
tomcat	eq	9.0.0 milestone16
tomcat	eq	9.0.0 milestone17
tomcat	eq	9.0.0 milestone18
tomcat	eq	9.0.0 milestone19
tomcat	eq	9.0.0 milestone20