GHSA-f4qf-m5gf-8jm8
Suggest an improvement- Source
- https://github.com/advisories/GHSA-f4qf-m5gf-8jm8
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-f4qf-m5gf-8jm8/GHSA-f4qf-m5gf-8jm8.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-f4qf-m5gf-8jm8
- Aliases
- Published
- 2024-01-19T12:30:18Z
- Modified
- 2025-02-13T19:44:44.709968Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information
- Details
-
Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43.
Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.
- Database specific
{ "github_reviewed_at": "2024-01-29T22:30:43Z", "github_reviewed": true, "severity": "MODERATE", "nvd_published_at": "2024-01-19T11:15:08Z", "cwe_ids": [ "CWE-209" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2024-21733
- https://github.com/apache/tomcat/commit/86ccc43940861703c2be96a5f35384407522125a
- https://github.com/apache/tomcat/commit/ce4b154e7b48f66bd98858626347747cd2514311
- https://github.com/apache/tomcat
- https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz
- https://security.netapp.com/advisory/ntap-20240216-0005
- https://tomcat.apache.org/security-8.html
- https://tomcat.apache.org/security-9.html
- http://packetstormsecurity.com/files/176951/Apache-Tomcat-8.5.63-9.0.43-HTTP-Response-Smuggling.html
- http://www.openwall.com/lists/oss-security/2024/01/19/2
Affected packages
Maven / org.apache.tomcat:tomcat-coyote
Package
- Name
- org.apache.tomcat:tomcat-coyote
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.tomcat/tomcat-coyote
Affected versions
9.*
9.0.0.M1
9.0.0.M3
9.0.0.M4
9.0.0.M6
9.0.0.M8
9.0.0.M9
9.0.0.M10
9.0.0.M11
9.0.0.M13
9.0.0.M15
9.0.0.M17
9.0.0.M18
9.0.0.M19
9.0.0.M20
9.0.0.M21
9.0.0.M22
9.0.0.M25
9.0.0.M26
9.0.0.M27
9.0.1
9.0.2
9.0.4
9.0.5
9.0.6
9.0.7
9.0.8
9.0.10
9.0.11
9.0.12
9.0.13
9.0.14
9.0.16
9.0.17
9.0.19
9.0.20
9.0.21
9.0.22
9.0.24
9.0.26
9.0.27
9.0.29
9.0.30
9.0.31
9.0.33
9.0.34
9.0.35
9.0.36
9.0.37
9.0.38
9.0.39
9.0.40
9.0.41
9.0.43
Maven / org.apache.tomcat.embed:tomcat-embed-core
Package
- Name
- org.apache.tomcat.embed:tomcat-embed-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.tomcat.embed/tomcat-embed-core
Affected versions
8.*
8.5.8
8.5.9
8.5.11
8.5.12
8.5.13
8.5.14
8.5.15
8.5.16
8.5.19
8.5.20
8.5.21
8.5.23
8.5.24
8.5.27
8.5.28
8.5.29
8.5.30
8.5.31
8.5.32
8.5.33
8.5.34
8.5.35
8.5.37
8.5.38
8.5.39
8.5.40
8.5.41
8.5.42
8.5.43
8.5.45
8.5.46
8.5.47
8.5.49
8.5.50
8.5.51
8.5.53
8.5.54
8.5.55
8.5.56
8.5.57
8.5.58
8.5.59
8.5.60
8.5.61
8.5.63