Apache Tomcat Product Security Update Advisory (CVE-2024-21733)
Overview
An update has been made available to fix vulnerabilities in Apache Tomcat (https://tomcat.apache.org/). Users of affected versions are advised to update to the latest version.
Affected Products
Apache Tomcat
- versions from 9.0.0-M11 through 9.0.43
- versions from 8.5.7 through 8.5.63
Resolved Vulnerabilities
A vulnerability in Apache Tomcat that causes it to generate error messages containing sensitive information (CVE-2024-21733)
Vulnerability Patches
A patch for the vulnerability was made available in the January 19, 2024 update. Please follow the instructions on the reference site to update to the latest vulnerability patch version.
- Apache Tomcat 8.5.64 and later, up to but not including 9.0.0-M11
- Apache Tomcat 9.0.44 and later versions
Referenced Sites
[1] CVE-2024-21733 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-21733
[2] [SECURITY] CVE-2024-21733 Apache Tomcat – Information Disclosure
https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz