CVE-2024-21733

2024-01-1911:15:08

Debian Security Bug Tracker

security-tracker.debian.org

apache tomcat

error message

sensitive information

upgrade

fix

cve-2024-21733

unix

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.3%

JSON

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.

OSVersionArchitecturePackageVersionFilename
Debian12alltomcat9< 9.0.53-1tomcat9_9.0.53-1_all.deb
Debian11alltomcat9<= 9.0.43-2~deb11u10tomcat9_9.0.43-2~deb11u10_all.deb
Debian999alltomcat9< 9.0.53-1tomcat9_9.0.53-1_all.deb
Debian13alltomcat9< 9.0.53-1tomcat9_9.0.53-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	tomcat9	< 9.0.53-1	tomcat9_9.0.53-1_all.deb
Debian	11	all	tomcat9	<= 9.0.43-2~deb11u10	tomcat9_9.0.43-2~deb11u10_all.deb
Debian	999	all	tomcat9	< 9.0.53-1	tomcat9_9.0.53-1_all.deb
Debian	13	all	tomcat9	< 9.0.53-1	tomcat9_9.0.53-1_all.deb