Information Exposure Affecting pki-deps:10.6/pki-servlet-engine package, versions *


Severity

Recommended
high

Based on Red Hat Enterprise Linux security rating.

Threat Intelligence

EPSS
0.49% (76th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-RHEL8-PKIDEPS-6182073
  • published20 Jan 2024
  • disclosed19 Jan 2024

Introduced: 19 Jan 2024

CVE-2024-21733  (opens in a new tab)
CWE-209  (opens in a new tab)

How to fix?

There is no fixed version for RHEL:8 pki-deps:10.6/pki-servlet-engine.

NVD Description

Note: Versions mentioned in the description apply only to the upstream pki-deps:10.6/pki-servlet-engine package and not the pki-deps:10.6/pki-servlet-engine package as distributed by RHEL. See How to fix? for RHEL:8 relevant fixed versions and status.

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43.

Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.

CVSS Scores

version 3.1