Author: markt
Date: Fri Jan 19 10:17:00 2024
New Revision: 1915320

URL: http://svn.apache.org/viewvc?rev=1915320&view=rev
Log:
Add CVE-2024-21733

Modified:
    tomcat/site/trunk/docs/security-8.html
    tomcat/site/trunk/docs/security-9.html
    tomcat/site/trunk/xdocs/security-8.xml
    tomcat/site/trunk/xdocs/security-9.xml

Modified: tomcat/site/trunk/docs/security-8.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-8.html?rev=1915320&r1=1915319&r2=1915320&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-8.html (original)
+++ tomcat/site/trunk/docs/security-8.html Fri Jan 19 10:17:00 2024
@@ -489,6 +489,21 @@
        
     <p>Affects: 8.5.0 to 8.5.63</p>
     
+    <p><strong>Important: Information Disclosure</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21733"; 
rel="nofollow">CVE-2024-21733</a></p>
+
+    <p>Incomplete POST requests triggered an error response that could contain
+       data from a previous request from another user.</p>
+
+    <p>This was fixed with commit
+       <a 
href="https://github.com/apache/tomcat/commit/ce4b154e7b48f66bd98858626347747cd2514311";>ce4b154e</a>.</p>
+
+    <p>This issue was reported to the Apache Tomcat Security Team by xer0dayz
+       from Sn1perSecurity LLC on 20 December 2023. The issue was made public 
on
+       19 January 2024.</p>
+       
+    <p>Affects: 8.5.7 to 8.5.63</p>
+
   </div><h3 id="Fixed_in_Apache_Tomcat_8.5.63"><span class="pull-right">2 
February 2021</span> Fixed in Apache Tomcat 8.5.63</h3><div class="text">
 
     <p><i>Note: The issues below were fixed in Apache Tomcat 8.5.62 but the
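Review bot: The CVE link in the added heading paragraph uses plain `http://cve.mitre.org/cgi-bin/cvename.cgi?...`, while the commit link a few lines further down uses `https://github.com/...`. The xdocs/security-8.xml source in this same commit carries only `<cve>CVE-2024-21733</cve>`, so the URL evidently comes from the site stylesheet. Switch that template to https rather than editing this file, so every CVE link on the security pages is fetched over TLS.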

Modified: tomcat/site/trunk/docs/security-9.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-9.html?rev=1915320&r1=1915319&r2=1915320&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-9.html (original)
+++ tomcat/site/trunk/docs/security-9.html Fri Jan 19 10:17:00 2024
@@ -466,6 +466,21 @@
        
     <p>Affects: 9.0.0-M1 to 9.0.43</p>
     
+    <p><strong>Important: Information Disclosure</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21733"; 
rel="nofollow">CVE-2024-21733</a></p>
+
+    <p>Incomplete POST requests triggered an error response that could contain
+       data from a previous request from another user.</p>
+
+    <p>This was fixed with commit
+       <a 
href="https://github.com/apache/tomcat/commit/86ccc43940861703c2be96a5f35384407522125a";>86ccc439</a>.</p>
+
+    <p>This issue was reported to the Apache Tomcat Security Team by xer0dayz
+       from Sn1perSecurity LLC on 20 December 2023. The issue was made public 
on
+       19 January 2024.</p>
+       
+    <p>Affects: 9.0.0-M11 to 9.0.43</p>
+    
   </div><h3 id="Fixed_in_Apache_Tomcat_9.0.43"><span class="pull-right">2 
February 2021</span> Fixed in Apache Tomcat 9.0.43</h3><div class="text">
 
     <p><i>Note: The issues below were fixed in Apache Tomcat 9.0.42 but the
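Review bot: The lower bound in `Affects: 9.0.0-M11 to 9.0.43` differs by a single character from the neighbouring entry's `Affects: 9.0.0-M1 to 9.0.43` in the context line just above the addition, so it is easy to read as a typo in either direction. Please confirm that M11 is the first affected milestone. Operators use this range to decide whether to upgrade, and a wrong lower bound silently excludes or includes ten milestone builds.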

Modified: tomcat/site/trunk/xdocs/security-8.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-8.xml?rev=1915320&r1=1915319&r2=1915320&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-8.xml (original)
+++ tomcat/site/trunk/xdocs/security-8.xml Fri Jan 19 10:17:00 2024
@@ -538,6 +538,21 @@
        
     <p>Affects: 8.5.0 to 8.5.63</p>
     
+    <p><strong>Important: Information Disclosure</strong>
+       <cve>CVE-2024-21733</cve></p>
+
+    <p>Incomplete POST requests triggered an error response that could contain
+       data from a previous request from another user.</p>
+
+    <p>This was fixed with commit
+       <hashlink hash="ce4b154e7b48f66bd98858626347747cd2514311"/>.</p>
+
+    <p>This issue was reported to the Apache Tomcat Security Team by xer0dayz
+       from Sn1perSecurity LLC on 20 December 2023. The issue was made public 
on
+       19 January 2024.</p>
+       
+    <p>Affects: 8.5.7 to 8.5.63</p>
+
   </section>
 
   <section name="Fixed in Apache Tomcat 8.5.63" rtext="2 February 2021">
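Review bot: The added entry gives a report date of 20 December 2023 and a publication date of 19 January 2024, yet it goes into an existing section whose affected range ends at 8.5.63 and which sits directly before the section dated 2 February 2021. Nothing in the entry explains that gap. If the fix shipped before the issue was recognised as a vulnerability, add a sentence saying so after the `This was fixed with commit` paragraph, so readers on later 8.5.x releases can see at a glance that they already have the fix.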

Modified: tomcat/site/trunk/xdocs/security-9.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-9.xml?rev=1915320&r1=1915319&r2=1915320&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-9.xml (original)
+++ tomcat/site/trunk/xdocs/security-9.xml Fri Jan 19 10:17:00 2024
@@ -513,6 +513,21 @@
        
     <p>Affects: 9.0.0-M1 to 9.0.43</p>
     
+    <p><strong>Important: Information Disclosure</strong>
+       <cve>CVE-2024-21733</cve></p>
+
+    <p>Incomplete POST requests triggered an error response that could contain
+       data from a previous request from another user.</p>
+
+    <p>This was fixed with commit
+       <hashlink hash="86ccc43940861703c2be96a5f35384407522125a"/>.</p>
+
+    <p>This issue was reported to the Apache Tomcat Security Team by xer0dayz
+       from Sn1perSecurity LLC on 20 December 2023. The issue was made public 
on
+       19 January 2024.</p>
+       
+    <p>Affects: 9.0.0-M11 to 9.0.43</p>
+    
   </section>
 
   <section name="Fixed in Apache Tomcat 9.0.43" rtext="2 February 2021">
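Review bot: Two of the added lines are whitespace-only: the line after the `19 January 2024.</p>` paragraph and the last added line before `</section>`, which carries four spaces where the matching line in xdocs/security-8.xml is empty. Strip the trailing whitespace so the two source files differ only in versions and commit hashes and the generated HTML does not inherit the noise.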


