Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue. References: http://www.openwall.com/lists/oss-security/2024/01/19/2 https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz
Tomcat security advisories: https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.44 https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.64 Upstream fix: https://github.com/apache/tomcat/commit/86ccc43940861703c2be96a5f35384407522125a [9.0.44] https://github.com/apache/tomcat/commit/ce4b154e7b48f66bd98858626347747cd2514311 [8.5.64]
This issue has been addressed in the following products: Red Hat build of Apache Camel 4.4.0 for Spring Boot Via RHSA-2024:2707 https://access.redhat.com/errata/RHSA-2024:2707