=====================================================================
                            CERT-Renater

                 Note d'Information No. 2024/VULN045
_____________________________________________________________________

DATE                 : 22/01/2024

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Apache Tomcat versions prior to
                       9.0.44, 8.5.64.

=====================================================================
https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz
_____________________________________________________________________

CVE-2023-46589 Apache Tomcat - Information Disclosure

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 9.0.0-M11 to 9.0.43
Apache Tomcat 8.5.7 to 8.5.63

Description:
Incomplete POST requests triggered an error response that could
contain data from a previous request from another user.

Mitigation:
Users of the affected versions should apply one of the following
mitigations:
- Upgrade to Apache Tomcat 9.0.44 or later
- Upgrade to Apache Tomcat 8.5.64 or later

Credit:
This vulnerability was reported responsibly to the Tomcat security
team by xer0dayz from Sn1perSecurity LLC.

History:
2024-01-19 Original advisory

References:
[3] https://tomcat.apache.org/security-9.html
[4] https://tomcat.apache.org/security-8.html

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================
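
Added example (not part of the CERT-Renater note or the Apache advisory): a small Python triage helper that checks Tomcat version strings against the "Versions Affected" ranges above, including the 9.0.0-M11 milestone lower bound. It assumes versions are collected as "Apache Tomcat/<version>" banner lines; the hostnames and banner lines in SAMPLE are constructed.

```python
import re

# Affected ranges exactly as listed in the advisory above (inclusive bounds).
AFFECTED = [("9.0.0-M11", "9.0.43"), ("8.5.7", "8.5.63")]

# Accepts "9.0.41", "9.0.0-M11" (advisory spelling) and "9.0.0.M11".
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-.]M(\d+))?$")
_BANNER = re.compile(r"Apache Tomcat/(\S+)")

def parse_version(text):
    """Turn a Tomcat version string into a tuple that sorts in release order."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3))
    if m.group(4) is not None:
        # Milestone builds sort before the final release with the same number.
        return (major, minor, patch, 0, int(m.group(4)))
    return (major, minor, patch, 1, 0)

def is_affected(version):
    """True if the version falls inside a range listed in the advisory."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED)

def triage(inventory):
    """Classify (host, banner) pairs as 'affected', 'not listed' or 'unknown'."""
    result = {}
    for host, banner in inventory:
        m = _BANNER.search(banner)
        try:
            hit = is_affected(m.group(1)) if m else None
        except ValueError:
            hit = None  # banner present but version string not understood
        result[host] = "unknown" if hit is None else ("affected" if hit else "not listed")
    return result

# Constructed inventory: hostnames and banner lines are made up for the example.
SAMPLE = [
    ("app01.example.org", "Server version: Apache Tomcat/9.0.41"),
    ("app02.example.org", "Server version: Apache Tomcat/9.0.44"),
    ("app03.example.org", "Server version: Apache Tomcat/8.5.63"),
    ("app04.example.org", "Server version: Apache Tomcat/9.0.0.M10"),
    ("app05.example.org", "Server version: unavailable"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Distribution packages that backport fixes can report a listed version number while already being patched, so treat an "affected" result as a prompt to check the package changelog. Hosts reported as "unknown" need a manual version check.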