UBUNTU-CVE-2024-21733
Advisory lineage Upstream: 1 Downstream: 1
Upstream
Downstream
Published: 19 Jan 2024, 11:15
Last modified:04 Jun 2026, 12:45
Vulnerability Summary
Overall Risk (default)
low
21/100 CVSS Score
5.3 MEDIUM
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
19 Jan 2024, 11:15
Published
Vulnerability first disclosed
04 Jun 2026, 12:45
Last Modified
Vulnerability information updated
Description
Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL versions may also be affected. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Systems
- ubuntu•tomcat6
all | all
- ubuntu•tomcat7
all
- ubuntu•tomcat8
all | < 8.5.39-1ubuntu1~18.04.3+esm5
- ubuntu•tomcat9
< 9.0.16-3ubuntu0.18.04.2+esm7 | < 9.0.31-1ubuntu0.9+esm2
References (7)
- https://ubuntu.com/security/CVE-2024-21733
- https://www.openwall.com/lists/oss-security/2024/01/19/2
- https://github.com/apache/tomcat/commit/86ccc43940861703c2be96a5f35384407522125a
- https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz
- http://www.openwall.com/lists/oss-security/2024/01/19/2
- https://www.cve.org/CVERecord?id=CVE-2024-21733
- https://ubuntu.com/security/notices/USN-7562-1