CVE-2023-46589 Apache Tomcat - Information Disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0-M11 to 9.0.43
Apache Tomcat 8.5.7 to 8.5.63
Description:
Incomplete POST requests triggered an error response that could contain
data from a previous request from another user.
Mitigation:
Users of the affected versions should apply one of the following
mitigations:
- Upgrade to Apache Tomcat 9.0.44 or later
- Upgrade to Apache Tomcat 8.5.64 or later
Credit:
This vulnerability was reported responsibly to the Tomcat security team
by xer0dayz from Sn1perSecurity LLC.
History:
2024-01-19 Original advisory
References:
[3] https://tomcat.apache.org/security-9.html
[4] https://tomcat.apache.org/security-8.html
