Lucene search
+L

21 matches found

nessus
nessus
added 2025/03/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2024-21733

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from...

5.3CVSS6.7AI score0.14286EPSS
Exploits3References2
nessus
nessus
added 2024/06/03 12:0 a.m.26 views

RHEL 9 : pki-servlet-engine (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - tomcat: Leaking of unrelated request bodies in default error page CVE-2024-21733 Note that Nessus has not tested fo...

5.3CVSS5.9AI score0.14286EPSS
Exploits3References1
redhat
redhat
added 2024/05/23 10:45 p.m.98 views

Important: Red Hat Security Advisory: Red Hat Fuse 7.13.0 release and security update

Red Hat Fuse 7.13.0 release is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, whic...

9.3CVSS6.6AI score0.8581EPSS
Exploits9References16
openvas
openvas
added 2024/05/07 12:0 a.m.31 views

SUSE: Security Advisory (SUSE-SU-2024:0829-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS7.5AI score0.14286EPSS
Exploits3References5
redhat
redhat
added 2024/05/06 2:10 p.m.95 views

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel security update

Red Hat build of Apache Camel 4.4.0 for Spring Boot release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

9.1CVSS7.1AI score0.14286EPSS
Exploits4References6
nessus
nessus
added 2024/04/29 12:0 a.m.37 views

Apache Tomcat 8.5.0 < 8.5.64 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.5.64. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.5.64security-8 advisory. - Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate...

7.5CVSS7.2AI score0.14286EPSS
Exploits3References5
nessus
nessus
added 2024/04/29 12:0 a.m.379 views

Apache Tomcat 9.0.0.M1 < 9.0.44 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.44. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.44security-9 advisory. - Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate...

7.5CVSS7.2AI score0.14286EPSS
Exploits3References5
ibm
ibm
added 2024/03/27 5:25 p.m.53 views

Security Bulletin: IBM DevOps Release 7.0.0.1 addresses multiple vulnerabilities.

Summary IBM DevOps Release 7.0.0.1 addresses multiple vulnerabilities. Vulnerability Details CVEID:CVE-2024-21733 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the leaking of unrelated request bodies in default error page. By sending a special...

7.5CVSS7.8AI score0.23072EPSS
Exploits4Affected Software1
nessus
nessus
added 2024/03/13 12:0 a.m.39 views

SUSE SLES12: tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (SUSE-SU-2024:0829-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0829-1 advisory. - CVE-2024-21733: Fixed leaking of unrelated request bodies in default error page bsc1219023, bsc1220503. Tenable has extracted the precedin...

5.3CVSS6.8AI score0.14286EPSS
Exploits3References5
osv
osv
added 2024/03/11 7:3 a.m.14 views

SUSE-SU-2024:0829-1 Security update for tomcat

This update for tomcat fixes the following issues: - CVE-2024-21733: Fixed leaking of unrelated request bodies in default error page bsc1219023, bsc1220503...

5.3CVSS5.7AI score0.14286EPSS
Exploits3References4
nessus
nessus
added 2024/02/06 12:0 a.m.53 views

Amazon Linux 2 : tomcat (ALASTOMCAT9-2024-011)

The version of tomcat installed on the remote host is prior to 9.0.50-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT9-2024-011 advisory. 2024-02-15: CVE-2021-33037 was added to this advisory. Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5...

5.3CVSS7.3AI score0.75353EPSS
Exploits4References6
packetstorm
packetstorm
added 2024/02/01 12:0 a.m.546 views

Apache Tomcat 8.5.63 / 9.0.43 HTTP Response Smuggling

Exploit Title: CVE-2024-21733 Apache Tomcat HTTP Request Smuggling Date: 1/31/2024 Exploit Author: xer0dayz Vendor Homepage: https://tomcat.apache.org/ Software Link: https://tomcat.apache.org/ Version: 8.5.7 to 8.5.63 or 9.0.44 or later CVE : CVE-2024-21733 Description: Apache Tomcat from 8.5.7...

5.3CVSS7.4AI score0.14286EPSS
Exploits3
zdt
zdt
added 2024/02/01 12:0 a.m.965 views

Apache Tomcat 8.5.63 / 9.0.43 HTTP Response Smuggling Vulnerability

Apache Tomcat suffers from a client-side de-sync vulnerability via HTTP request smuggling. Apache Tomcat versions 8.5.7 through 8.5.63 and 9.0.0-M11 through 9.0.43 are vulnerable. Exploit Title: CVE-2024-21733 Apache Tomcat HTTP Request Smuggling Date: 1/31/2024 Exploit Author: xer0dayz Vendor...

5.3CVSS6.4AI score0.14286EPSS
Exploits3
hackerone
hackerone
added 2024/01/19 6:9 p.m.180 views

Internet Bug Bounty: CVE-2024-21733 Apache Tomcat HTTP Request Smuggling (Client- Side Desync) (CWE: 444)

SECURITY CVE-2024-21733 Apache Tomcat - Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0-M11 to 9.0.43 Apache Tomcat 8.5.7 to 8.5.63 Description: Incomplete POST requests triggered an error response that could contain data fr...

5.3CVSS5.8AI score0.14286EPSS
Exploits3
redhatcve
redhatcve
added 2024/01/19 3:37 p.m.125 views

CVE-2024-21733

An information disclosure vulnerability was found in Apache Tomcat. Incomplete POST requests triggered an error response that could contain data from a previous HTTP request. This flaw allows a remote attacker to access files from another user that should be otherwise prevented by limits or...

5.3CVSS5AI score0.14286EPSS
Exploits3References5
ubuntucve
ubuntucve
added 2024/01/19 11:15 a.m.92 views

CVE-2024-21733

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL versions may also be affected. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44...

5.3CVSS6.8AI score0.14286EPSS
Exploits3References6
cve
cve
added 2024/01/19 10:29 a.m.332 views

CVE-2024-21733

CVE-2024-21733 affects Apache Tomcat 8.5.7–8.5.63 and 9.0.0-M11–9.0.43, where error responses may disclose sensitive information from unrelated requests on the default error page. Upgrade to Tomcat 8.5.64+ or 9.0.44+ to fix. A public PoC exploit exists (GitHub: https://github.com/LtmThink/CVE-202...

5.3CVSS7AI score0.14286EPSS
Exploits3References5Affected Software1
cvelist
cvelist
added 2024/01/19 10:29 a.m.48 views

CVE-2024-21733 Apache Tomcat: Leaking of unrelated request bodies in default error page

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL versions may also be affected. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44...

5.9AI score0.14286EPSS
Exploits3References1
debiancve
debiancve
added 2024/01/19 10:29 a.m.107 views

CVE-2024-21733

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL versions may also be affected. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44...

5.3CVSS7.2AI score0.14286EPSS
Exploits3
tomcat
tomcat
added 2021/03/10 12:0 a.m.74 views

Fixed in Apache Tomcat 9.0.44

Important: Denial of Service CVE-2021-41079 When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service. This was fixed with commit d4b340fa. This issue was first reported to the Apach...

7.5CVSS6.3AI score0.14286EPSS
Exploits3Affected Software1
Rows per page
Query Builder