{"id":"CVE-2024-21733","details":"Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.","aliases":["BIT-tomcat-2024-21733","GHSA-f4qf-m5gf-8jm8"],"modified":"2026-04-10T05:08:59.305521Z","published":"2024-01-19T11:15:08.043Z","related":["SUSE-SU-2024:0829-1","SUSE-SU-2026:1058-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html"},{"type":"WEB","url":"http://packetstormsecurity.com/files/176951/Apache-Tomcat-8.5.63-9.0.43-HTTP-Response-Smuggling.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240216-0005/"},{"type":"FIX","url":"https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2024/01/19/2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/tomcat","events":[{"introduced":"b5205c92f41dfd9a67f78bc783db7b022e38226c"},{"fixed":"c47f86adea090175669df8b2ca04c93050bcaf8c"},{"introduced":"3c78e95e36268dfb76db1570f0cf49104fa6eabc"},{"fixed":"7b4007a6a77300056f4681b064d7332c2284cbdd"},{"introduced":"0"},{"last_affected":"65ddc3a3872ea41ca67fec7b6834c704b6893361"},{"introduced":"0"},{"last_affected":"b5a74e3c7913c560648f0ffedfbbb3ebe4318def"},{"introduced":"0"},{"last_affected":"de128d72af746184e035ff1b53629f08cb141a04"},{"introduced":"0"},{"last_affected":"aac670afe1226e10513021100fce8a12344743c6"},{"introduced":"0"},{"last_affected":"c2c8107f0cea4755497a85990807b883b66f6b57"},{"introduced":"0"},{"last_affected":"8c48678b110f3fbbe66f6dde0e45d2578fa92c29"},{"introduced":"0"},{"last_affected":"9c5edb840d9413c1408e7c191bc0e1bbfcd9e07f"},{"introduced":"0"},{"last_affected":"59e713216cf2256aacc54f6ba627865f356f9e4e
"},{"introduced":"0"},{"last_affected":"7dc5e29fe49850102261badf158752d6865311e4"},{"introduced":"0"},{"last_affected":"600dc8ba5d9be7599d29bff83c342213d93b034e"},{"introduced":"0"},{"last_affected":"3bd48aab236e5bf0ed1644e9f0c588fd20e503ab"},{"introduced":"0"},{"last_affected":"642d3dd4d50ea1f03f9827962e4fc982a123bb78"},{"introduced":"0"},{"last_affected":"24566c02fb917a6ca1b6479a60971b0d8acd895c"},{"introduced":"0"},{"last_affected":"cac0e029dcced854eeca7444710e78e412dc2c2a"},{"introduced":"0"},{"last_affected":"c5efed313de1a181f4f9f98f5023117f3b911257"},{"introduced":"0"},{"last_affected":"ab04166fac59fcf9b3be3aab1c8b896842782d4c"},{"introduced":"0"},{"last_affected":"35071e7e52f296b9187b054b0efd74121b7db3bd"}],"database_specific":{"versions":[{"introduced":"8.5.7"},{"fixed":"8.5.64"},{"introduced":"9.0.1"},{"fixed":"9.0.44"},{"introduced":"0"},{"last_affected":"9.0.0-milestone11"},{"introduced":"0"},{"last_affected":"9.0.0-milestone12"},{"introduced":"0"},{"last_affected":"9.0.0-milestone13"},{"introduced":"0"},{"last_affected":"9.0.0-milestone14"},{"introduced":"0"},{"last_affected":"9.0.0-milestone15"},{"introduced":"0"},{"last_affected":"9.0.0-milestone16"},{"introduced":"0"},{"last_affected":"9.0.0-milestone17"},{"introduced":"0"},{"last_affected":"9.0.0-milestone18"},{"introduced":"0"},{"last_affected":"9.0.0-milestone19"},{"introduced":"0"},{"last_affected":"9.0.0-milestone20"},{"introduced":"0"},{"last_affected":"9.0.0-milestone21"},{"introduced":"0"},{"last_affected":"9.0.0-milestone22"},{"introduced":"0"},{"last_affected":"9.0.0-milestone23"},{"introduced":"0"},{"last_affected":"9.0.0-milestone24"},{"introduced":"0"},{"last_affected":"9.0.0-milestone25"},{"introduced":"0"},{"last_affected":"9.0.0-milestone26"},{"introduced":"0"},{"last_affected":"9.0.0-milestone27"}]}}],"versions":["9.0.0-M11","9.0.0-M12","9.0.0-M13","9.0.0-M14","9.0.0-M15","9.0.0-M16","9.0.0-M17","9.0.0-M18","9.0.0-M19","9.0.0-M20","9.0.0-M21","9.0.0-M22","9.0.0-M23","9.0.0-M24","9.0.0
-M25","9.0.0-M26","9.0.0-M27"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-21733.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}