CVE-2024-21733: Apache Tomcat: Leaking of unrelated request bodies in default error page

Vendor: Apache Software Foundation
Product: Apache Tomcat
Weakness: CWE-209 · Error message info leak
Published: January 19, 2024
Last update: November 3, 2025

What the vulnerability does

Description

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat from 8.5.7 through 8.5.63 and from 9.0.0-M11 through 9.0.43. Other, EOL versions may also be affected. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.

Key dates

Disclosure timeline

January 19, 2024: CVE published
November 3, 2025: Record updated