
Rewterz Threat Advisory – CVE-2021-24122 – Apache Tomcat information disclosure

Severity

High

Analysis Summary

CVE-2021-24122

Apache Tomcat could allow a remote attacker to obtain sensitive information because of a flaw in how it serves resources from a network location that uses the NTFS file system. By sending a specially crafted request, an attacker could view the source code of JSPs in some configurations and use that information to launch further attacks against the affected system.

Impact

Information disclosure

Affected Vendors

Apache Tomcat

Affected Products

  • Apache Tomcat 7.0.0
  • Apache Tomcat 9.0.0 M1
  • Apache Tomcat 8.5.0
  • Apache Tomcat 8.5.59
  • Apache Tomcat 9.0.39
  • Apache Tomcat 10.0.0-M9
  • Apache Tomcat 7.0.106

Remediation

Upgrade to the latest version of Apache Tomcat (7.0.107, 8.5.60, 9.0.40, 10.0.0-M10 or later).
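
The following is an added example, not part of the original advisory or of Apache Tomcat: a small Python check that compares recorded Tomcat versions against the fixed releases listed above. It assumes that any release on a listed branch older than that branch's fixed release needs the upgrade; the inventory and host names are constructed, and the check does not determine whether resources are actually served from an NTFS network location.

```python
import re

# Fixed releases per branch, taken from the Remediation line of this advisory.
FIXED = {"7.0": "7.0.107", "8.5": "8.5.60", "9.0": "9.0.40", "10.0": "10.0.0-M10"}

# Accepts 9.0.39, 10.0.0-M9, 9.0.0.M1 and "9.0.0 M1" (milestone separators vary).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.\-\s]M(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, patch, milestone) for a version or 'Apache Tomcat/x.y.z' banner."""
    candidate = text.strip().rsplit("/", 1)[-1]
    match = _VERSION_RE.match(candidate)
    if not match:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch = (int(g) for g in match.group(1, 2, 3))
    # A final release sorts after every milestone of the same x.y.z.
    milestone = int(match.group(4)) if match.group(4) else float("inf")
    return (major, minor, patch, milestone)


def needs_upgrade(version):
    """True/False for branches named in the advisory, None for any other branch."""
    parsed = parse_version(version)
    fixed = FIXED.get(f"{parsed[0]}.{parsed[1]}")
    if fixed is None:
        return None
    return parsed < parse_version(fixed)


def triage(inventory):
    """Return hosts whose recorded version is older than the fixed release of its branch."""
    return [host for host, version in inventory if needs_upgrade(version)]


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = [
    ("app01", "Apache Tomcat/9.0.39"),
    ("app02", "9.0.40"),
    ("app03", "10.0.0-M9"),
    ("app04", "8.5.60"),
    ("app05", "7.0.106"),
]

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

A `None` result from `needs_upgrade` means the branch is not one named in this advisory, so it should be checked against the vendor's own guidance rather than treated as safe.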