CVE-2024-21733

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://packetstormsecurity.com/files/176951/Apache-Tomcat-8.5.63-9.0.43-HTTP-Response-Smuggling.html
http://www.openwall.com/lists/oss-security/2024/01/19/2	Mailing List Patch Third Party Advisory
https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz	Mailing List Patch Vendor Advisory
https://security.netapp.com/advisory/ntap-20240216-0005/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone11::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone12::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone13::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone14::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone15::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone16::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone17::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone18::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone19::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone20::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone21::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone22::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone23::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone24::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone25::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone26::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone27::::::

History

16 Feb 2024, 13:15

Type	Values Removed	Values Added
References		() https://security.netapp.com/advisory/ntap-20240216-0005/ -

01 Feb 2024, 17:15

Type	Values Removed	Values Added
References		() http://packetstormsecurity.com/files/176951/Apache-Tomcat-8.5.63-9.0.43-HTTP-Response-Smuggling.html -

26 Jan 2024, 13:51

Type	Values Removed	Values Added
References	~~() http://www.openwall.com/lists/oss-security/2024/01/19/2 -~~	() http://www.openwall.com/lists/oss-security/2024/01/19/2 - Mailing List, Patch, Third Party Advisory
References	~~() https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz -~~	() https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz - Mailing List, Patch, Vendor Advisory
First Time		Apache Apache tomcat
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
CPE		cpe:2.3:a:apache:tomcat:9.0.0:milestone14:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone15:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone22:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone26:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone12:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone23:::::: cpe:2.3:a:apache:tomcat:::::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone19:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone11:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone13:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone21:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone18:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone25:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone27:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone16:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone20:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone24:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone17::::::

19 Jan 2024, 12:15

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad de generación de mensaje de error que contiene información confidencial en Apache Tomcat. Este problema afecta a Apache Tomcat: desde 8.5.7 hasta 8.5.63, desde 9.0.0-M11 hasta 9.0.43. Se recomienda a los usuarios actualizar a la versión 8.5.64 en adelante o 9.0.44 en adelante, que contienen una solución para el problema.
References		() http://www.openwall.com/lists/oss-security/2024/01/19/2 -

19 Jan 2024, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-19 11:15

Updated : 2024-02-16 13:15

NVD link : CVE-2024-21733

Mitre link : CVE-2024-21733

CVE.ORG link : CVE-2024-21733

JSON object : View

Products Affected

apache

tomcat

CWE

CWE-209

Generation of Error Message Containing Sensitive Information

5.3 /10