BIT-tomcat-2024-21733

2024-03-0611:07:26

Google

osv.dev

apache tomcat

vulnerability

security

upgrade

software

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7.1 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.3%

JSON

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43.Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.

CPENameOperatorVersion
tomcatge9.0.0-milestone19
tomcatge9.0.0-milestone11
tomcatle9.0.0-milestone23
tomcatge9.0.0-milestone21
tomcatle9.0.0-milestone25
tomcatle9.0.0-milestone17
tomcatle9.0.0-milestone26
tomcatge9.0.0-milestone23
tomcatlt9.0.44
tomcatle9.0.0-milestone22

Name	Operator	Version
tomcat	ge	9.0.0-milestone19
tomcat	ge	9.0.0-milestone11
tomcat	le	9.0.0-milestone23
tomcat	ge	9.0.0-milestone21
tomcat	le	9.0.0-milestone25
tomcat	le	9.0.0-milestone17
tomcat	le	9.0.0-milestone26
tomcat	ge	9.0.0-milestone23
tomcat	lt	9.0.44
tomcat	le	9.0.0-milestone22