CVE-2024-21733

Aliases:GHSA-f4qf-m5gf-8jm8BIT-tomcat-2024-21733

Advisory lineage Upstream: 0 Downstream: 6

Downstream

DEBIAN-CVE-2024-21733 DLA-4017-1 SUSE-SU-2024:0829-1 SUSE-SU-2026:1058-1 UBUNTU-CVE-2024-21733 USN-7562-1

Modified

Published: 19 Jan 2024, 10:29

Last modified:03 Nov 2025, 20:36

Vulnerability Summary

Overall Risk (default)

medium

35/100

CVSS Score

5.3 MEDIUM

v3.1 (cve.org)

EPSS Score

70.95% CRITICAL

71% probability +2.99%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

19 Jan 2024, 10:29

Published

Vulnerability first disclosed

03 Nov 2025, 20:36

Last Modified

Vulnerability information updated

Description

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL versions may also be affected. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.

CVSS Metrics

v3.1•MEDIUM•Score: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Trends

Current EPSS score: 70.95%• Percentile: 99%

Techniques & Countermeasures

CWE-209•Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.

Affected Systems

apache software foundation•apache tomcat
≥ 8.5.7, ≤ 8.5.63 | ≥ 9.0.0-M11, ≤ 9.0.43
Unknown•Tomcat
≥ 8.5.7, < 8.5.64 | ≥ 9.0.1, < 9.0.44 | 9.0.0:milestone11 | 9.0.0:milestone12 | 9.0.0:milestone13 | 9.0.0:milestone14 | 9.0.0:milestone15 | 9.0.0:milestone16 | 9.0.0:milestone17 | 9.0.0:milestone18 | 9.0.0:milestone19 | 9.0.0:milestone20 | 9.0.0:milestone21 | 9.0.0:milestone22 | 9.0.0:milestone23 | 9.0.0:milestone24 | 9.0.0:milestone25 | 9.0.0:milestone26 | 9.0.0:milestone27
org.apache.tomcat•tomcat-coyote
≥ 9.0.0-M11, < 9.0.44
org.apache.tomcat.embed•tomcat-embed-core
≥ 8.5.7, < 8.5.64