Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2021-24122
PUBLISHED
More InfoOfficial Page
Assigner-apache
Assigner Org ID-f0158376-9dc2-43b6-827c-5f631a4d8d09
View Known Exploited Vulnerability (KEV) details
Published At-14 Jan, 2021 | 14:45
Updated At-13 Feb, 2025 | 16:27
Rejected At-
▼CVE Numbering Authority (CNA)
Apache Tomcat information disclosure

When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances.

Affected Products
Vendor
The Apache Software FoundationApache Software Foundation
Product
Apache Tomcat
Versions
Affected
  • From Apache Tomcat 10 before 10.0.0-M10 (custom)
  • From Apache Tomcat 9 before 9.0.40 (custom)
  • From Apache Tomcat 8.5 before 8.5.60 (custom)
  • From Apache Tomcat 7 before 7.0.106 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-200CWE-200 Information Exposure
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
This issue was identified by Ilja Brander.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52%40%3Cannounce.tomcat.apache.org%3E
x_refsource_MISC
https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52%40%3Cannounce.tomcat.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937%40%3Cdev.tomcat.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r776c64337495bf28b7d5597268114a888e3fad6045c40a0da0c66d4d%40%3Cdev.tomee.apache.org%3E
mailing-list
x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2021/01/14/1
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52%40%3Cannounce.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r7e0bb9ea415724550e2b325e143b23e269579e54d66fcd7754bd0c20%40%3Cdev.tomcat.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/rb32a73b7cb919d4f44a2596b6b951274c0004fc8b0e393d6829a45f9%40%3Cusers.tomcat.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r7382e1e35b9bc7c8f320b90ad77e74c13172d08034e20c18000fe710%40%3Cdev.tomee.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html
mailing-list
x_refsource_MLIST
https://www.oracle.com//security-alerts/cpujul2021.html
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20210212-0008/
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52%40%3Cannounce.tomcat.apache.org%3E
x_refsource_MISC
x_transferred
https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52%40%3Cannounce.tomcat.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937%40%3Cdev.tomcat.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r776c64337495bf28b7d5597268114a888e3fad6045c40a0da0c66d4d%40%3Cdev.tomee.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
http://www.openwall.com/lists/oss-security/2021/01/14/1
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52%40%3Cannounce.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r7e0bb9ea415724550e2b325e143b23e269579e54d66fcd7754bd0c20%40%3Cdev.tomcat.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/rb32a73b7cb919d4f44a2596b6b951274c0004fc8b0e393d6829a45f9%40%3Cusers.tomcat.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r7382e1e35b9bc7c8f320b90ad77e74c13172d08034e20c18000fe710%40%3Cdev.tomee.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html
mailing-list
x_refsource_MLIST
x_transferred
https://www.oracle.com//security-alerts/cpujul2021.html
x_refsource_MISC
x_transferred
https://security.netapp.com/advisory/ntap-20210212-0008/
x_refsource_CONFIRM
x_transferred
Details not found