Vulnerabilities > CVE-2024-21733 - Unspecified vulnerability in Apache Tomcat
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.
Vulnerable Configurations
References
- http://packetstormsecurity.com/files/176951/Apache-Tomcat-8.5.63-9.0.43-HTTP-Response-Smuggling.html
- http://packetstormsecurity.com/files/176951/Apache-Tomcat-8.5.63-9.0.43-HTTP-Response-Smuggling.html
- http://www.openwall.com/lists/oss-security/2024/01/19/2
- http://www.openwall.com/lists/oss-security/2024/01/19/2
- https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz
- https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz
- https://security.netapp.com/advisory/ntap-20240216-0005/
- https://security.netapp.com/advisory/ntap-20240216-0005/