CVE-2024-21733 · MEDIUM · CVSS 5.3

Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information

Published Jan 19, 2024 · Updated Jun 18, 2026

Description

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.

Affected Packages (3)

org.apache.tomcat.embed:tomcat-embed-core (Maven): from 8.5.7, fixed in 8.5.64
org.apache.tomcat:tomcat-coyote (Maven): from 9.0.0-M11, fixed in 9.0.44
org.apache.tomcat.experimental:tomcat-embed-programmatic (Maven): from 9.0.43, fixed in 9.0.44

Public Exploits & PoCs: 1 found

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
