Information disclosure in Apache Software Foundation Tomcat

CVE-2024-21733

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL versions may also be affected. Users are re…

EPSS: 0.710 (98.7th percentile)

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2024-21733?
CVE-2024-21733 is a vulnerability in Apache Software Foundation Tomcat, classified under Generation of Error Message Containing Sensitive Information. Published 2024-01-19.
Is CVE-2024-21733 known to be exploited?
35 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.