VDB
KO
MEDIUM 5.3

GHSA-f4qf-m5gf-8jm8

Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information

Details

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43.

Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.

Are you affected?

Enter the version of the package you're using.

Affected packages

Maven / org.apache.tomcat:tomcat-coyote
Introduced in: 9.0.0-M11 Fixed in: 9.0.44
Fix # pom.xml: bump <version>9.0.44</version> for org.apache.tomcat:tomcat-coyote
Maven / org.apache.tomcat.embed:tomcat-embed-core
Introduced in: 8.5.7 Fixed in: 8.5.64
Fix # pom.xml: bump <version>8.5.64</version> for org.apache.tomcat.embed:tomcat-embed-core
Maven / org.apache.tomcat.embed:tomcat-embed-core
Introduced in: 9.0.0-M11 Fixed in: 9.0.44
Fix # pom.xml: bump <version>9.0.44</version> for org.apache.tomcat.embed:tomcat-embed-core
Maven / org.apache.tomcat:tomcat-coyote
Introduced in: 8.5.7 Fixed in: 8.5.64
Fix # pom.xml: bump <version>8.5.64</version> for org.apache.tomcat:tomcat-coyote
Maven / org.apache.tomcat.experimental:tomcat-embed-programmatic
Introduced in: 9.0.43 Fixed in: 9.0.44
Fix # pom.xml: bump <version>9.0.44</version> for org.apache.tomcat.experimental:tomcat-embed-programmatic

References