CVE-2024-21733

Опубликовано: 19 янв. 2024

Источник: nvd

CVSS3: 5.3

EPSS Средний

Описание

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43.

Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.

Ссылки

http://packetstormsecurity.com/files/176951/Apache-Tomcat-8.5.63-9.0.43-HTTP-Response-Smuggling.html
http://www.openwall.com/lists/oss-security/2024/01/19/2
Mailing List
Patch
Third Party Advisory
https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz
Mailing List
Patch
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240216-0005/
http://packetstormsecurity.com/files/176951/Apache-Tomcat-8.5.63-9.0.43-HTTP-Response-Smuggling.html
http://www.openwall.com/lists/oss-security/2024/01/19/2
Mailing List
Patch
Third Party Advisory
https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz
Mailing List
Patch
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240216-0005/

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*

Версия от 8.5.7 (включая) до 8.5.64 (исключая)

cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*

Версия от 9.0.1 (включая) до 9.0.44 (исключая)

cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.65426

Средний

5.3 Medium

CVSS3

Дефекты

CWE-209

Связанные уязвимости

CVE-2024-21733

CVSS3: 5.3

ubuntu

больше 1 года назад

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.

CVE-2024-21733

CVSS3: 5.3

redhat

больше 1 года назад

CVE-2024-21733

CVSS3: 5.3

debian

больше 1 года назад

Generation of Error Message Containing Sensitive Information vulnerabi ...

SUSE-SU-2024:0829-1

suse-cvrf

больше 1 года назад

Security update for tomcat

GHSA-f4qf-m5gf-8jm8

CVSS3: 5.3

github

больше 1 года назад

Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information

EPSS

Процентиль: 98%

0.65426

Средний

5.3 Medium

CVSS3

Дефекты

CWE-209