Re: [SECURITY] CVE-2024-21733 Apache Tomcat - Information Disclosure
Correcting the CVE reference in the text (the subject line is correct) Mark On 19/01/2024 10:17, Mark Thomas wrote: CVE-2023-21733 Apache Tomcat - Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0-M11 to 9.0.43 Apache Tomcat 8.5.7 to 8.5.63 Description: Incomplete POST requests triggered an error response that could contain data from a previous request from another user. Mitigation: Users of the affected versions should apply one of the following mitigations: - Upgrade to Apache Tomcat 9.0.44 or later - Upgrade to Apache Tomcat 8.5.64 or later Credit: This vulnerability was reported responsibly to the Tomcat security team by xer0dayz from Sn1perSecurity LLC. History: 2024-01-19 Original advisory References: [3] https://tomcat.apache.org/security-9.html [4] https://tomcat.apache.org/security-8.html
[SECURITY] CVE-2024-21733 Apache Tomcat - Information Disclosure
CVE-2023-46589 Apache Tomcat - Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0-M11 to 9.0.43 Apache Tomcat 8.5.7 to 8.5.63 Description: Incomplete POST requests triggered an error response that could contain data from a previous request from another user. Mitigation: Users of the affected versions should apply one of the following mitigations: - Upgrade to Apache Tomcat 9.0.44 or later - Upgrade to Apache Tomcat 8.5.64 or later Credit: This vulnerability was reported responsibly to the Tomcat security team by xer0dayz from Sn1perSecurity LLC. History: 2024-01-19 Original advisory References: [3] https://tomcat.apache.org/security-9.html [4] https://tomcat.apache.org/security-8.html
