Apache Tomcat Vulnerability: Generation of Error Message Containing Sensitive Information
Key Information
- Vendor: Apache
- Product: Apache Tomcat
- CVE Published: 19 January 2024
Summary
Apache Tomcat is affected by a vulnerability that allows for the generation of error messages containing sensitive information. This vulnerability affects versions 8.5.7 through 8.5.63 and 9.0.0-M11 through 9.0.43. If exploited, an attacker can de-synchronize a victim's browser from the website, allowing for sensitive data to be smuggled from the server and/or client connections. There are known exploits of this vulnerability in the wild, but no specific ransomware groups have been identified as using this exploit. Users are advised to upgrade to version 8.5.64 or 9.0.44, which contain a fix for the vulnerability.
Affected Version(s)
Apache Tomcat <= 8.5.63
Apache Tomcat <= 9.0.43
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
CVE-2024-21733 - Tomitribe
Severity 3.1. Description: Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11...
4 months ago
CVE-2024-21733 Apache Tomcat HTTP Request Smuggling
CVE-2024-21733 - Apache Tomcat from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43 are vulnerable to client-side de-sync attacks.
10 months ago
CVSS V3.1
Timeline
- Vulnerability started trending.
- Exploit exists.
- First article discovered by securityonline.info
- Vulnerability published.
- Vulnerability reserved.