{"id":"CVE-2024-21733","details":"Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.","aliases":["BIT-tomcat-2024-21733","GHSA-f4qf-m5gf-8jm8"],"modified":"2026-03-27T08:59:19.739776979Z","published":"2024-01-19T11:15:08.043Z","related":["SUSE-SU-2024:0829-1","SUSE-SU-2026:1058-1"],"references":[{"type":"WEB","url":"http://packetstormsecurity.com/files/176951/Apache-Tomcat-8.5.63-9.0.43-HTTP-Response-Smuggling.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html"},{"type":"ADVISORY","url":"https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2024/01/19/2"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240216-0005/"},{"type":"FIX","url":"https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2024/01/19/2"},{"type":"ARTICLE","url":"https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2024/01/19/2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/tomcat","events":[{"introduced":"3c78e95e36268dfb76db1570f0cf49104fa6eabc"},{"fixed":"7b4007a6a77300056f4681b064d7332c2284cbdd"},{"introduced":"b5205c92f41dfd9a67f78bc783db7b022e38226c"},{"fixed":"c47f86adea090175669df8b2ca04c93050bcaf8c"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-21733.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}