CVE-2024-21733

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL versions may also be affected.

Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.

Published: Jan 19, 2024
Updated: Nov 4, 2025
CVE: CVE-2024-21733
GHSA: GHSA-f4qf-m5gf-8jm8
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-209

OWASP TOP 10:

A6 - Security Misconfiguration

Affected Software
References

Software	From	Fixed in
apache / tomcat	9.0.0-milestone11	9.0.0-milestone11.x
apache / tomcat	9.0.0-milestone12	9.0.0-milestone12.x
apache / tomcat	9.0.0-milestone13	9.0.0-milestone13.x
apache / tomcat	9.0.0-milestone14	9.0.0-milestone14.x
apache / tomcat	9.0.0-milestone15	9.0.0-milestone15.x
apache / tomcat	9.0.0-milestone16	9.0.0-milestone16.x
apache / tomcat	9.0.0-milestone17	9.0.0-milestone17.x
apache / tomcat	9.0.0-milestone18	9.0.0-milestone18.x
apache / tomcat	9.0.0-milestone19	9.0.0-milestone19.x
apache / tomcat	9.0.0-milestone20	9.0.0-milestone20.x
apache / tomcat	9.0.0-milestone21	9.0.0-milestone21.x
apache / tomcat	9.0.0-milestone22	9.0.0-milestone22.x
apache / tomcat	9.0.0-milestone23	9.0.0-milestone23.x
apache / tomcat	9.0.0-milestone24	9.0.0-milestone24.x
apache / tomcat	9.0.0-milestone25	9.0.0-milestone25.x
apache / tomcat	9.0.0-milestone26	9.0.0-milestone26.x
apache / tomcat	9.0.0-milestone27	9.0.0-milestone27.x
apache / tomcat	9.0.1	9.0.44
apache / tomcat	8.5.7	8.5.64
org.apache.tomcat / tomcat-coyote	9.0.0-M11	9.0.44
org.apache.tomcat.embed / tomcat-embed-core	8.5.7	8.5.64

Vulnerability Database

309,961

CVE-2024-21733

Deep Security Visibility Without the Complexity