PT-2021-7985 · Apache · Apache Tomcat
Xer0Dayz · Published 2021-03-10 · Updated 2026-03-26
CVE-2024-21733
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Apache Tomcat versions 8.5.7 through 8.5.63
Apache Tomcat versions 9.0.0-M11 through 9.0.43
Description
The issue is related to the generation of error messages containing sensitive information in Apache Tomcat. Incomplete POST requests can trigger an error response that may contain data from a previous request from another user. This could allow an attacker to obtain sensitive information. It is estimated that over 19 million devices may be affected by this issue. There is no information about specific real-world incidents where this issue was exploited.
Recommendations
For Apache Tomcat versions 8.5.7 through 8.5.63, upgrade to version 8.5.64 or later.
For Apache Tomcat versions 9.0.0-M11 through 9.0.43, upgrade to version 9.0.44 or later.
As a temporary workaround, consider restricting access to sensitive data and monitoring for suspicious activity until a patch is applied.
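A version check against the affected ranges listed above, written as an added example and not taken from this advisory or from the Tomcat project. It assumes the version string is read from the `Server version:` line that Tomcat's `version.sh` prints; the sample output and the function names are constructed for illustration.

```python
import re

# Affected ranges from this page (inclusive), each with its upgrade target.
AFFECTED = [("8.5.7", "8.5.63", "8.5.64"), ("9.0.0-M11", "9.0.43", "9.0.44")]

# Accepts 8.5.63, 9.0.43.0 (four-part server number), 9.0.0-M11 and 9.0.0.M11.
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?(?:\.\d+)?$")


def parse(version):
    """Turn a Tomcat version string into a tuple that sorts correctly."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, milestone = m.groups()
    # (0, n) is milestone n and (1, 0) a final release, so milestones sort first.
    stage = (0, int(milestone)) if milestone else (1, 0)
    return (int(major), int(minor), int(patch), stage)


def fixed_version(version):
    """Return the upgrade target if version is in an affected range, else None."""
    v = parse(version)
    for low, high, fix in AFFECTED:
        if parse(low) <= v <= parse(high):
            return fix
    return None


def audit_version_output(text):
    """Find the 'Server version:' line and report (version, upgrade target)."""
    m = re.search(r"^Server version:\s*Apache Tomcat/(\S+)", text, re.M)
    if not m:
        raise ValueError("no 'Server version:' line found")
    return m.group(1), fixed_version(m.group(1))


# Constructed sample output, not captured from a real host.
SAMPLE = """Server version: Apache Tomcat/9.0.43
Server built:   Jan 28 2021 20:25:45 UTC
Server number:  9.0.43.0
"""

if __name__ == "__main__":
    print(audit_version_output(SAMPLE))
```

Distribution packages may carry backported fixes without changing the upstream version number, so for packaged installs confirm the result against the distributor's own advisory.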
Exploit
Fix
Weakness Enumeration
Generation of Error Message Containing Sensitive Information
Affected Products
ALT Linux
Apache Tomcat
Astra Linux
Linux Mint
SUSE
Ubuntu