5.3
CVE-2024-21733
- EPSS 14.29%
- Veröffentlicht 19.01.2024 11:15:08
- Zuletzt bearbeitet 03.11.2025 21:16:06
- Quelle security@apache.org
- CVE-Watchlists
- Unerledigt
Apache Tomcat: Leaking of unrelated request bodies in default error page
Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL versions may also be affected. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 14.29% | 0.961 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-209 Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.
http://packetstormsecurity.com/files/176951/Apache-Tomcat-8.5.63-9.0.43-HTTP-Response-Smuggling.html
http://www.openwall.com/lists/oss-security/2024/01/19/2
https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz
https://security.netapp.com/advisory/ntap-20240216-0005/
https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html