CVE-2021-21733
Published 2021-05-19
CVE-2021-21733: The management system of ZXCDN is impacted by the information leak vulnerability. Attackers can make further analysis according to the information returned by…
Priority: P4 · 21 · medium · 4.9 (CVSS 3.1)
AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.79% (51.7th percentile)
The management system of ZXCDN is impacted by the information leak vulnerability. Attackers can make further analysis according to the information returned by the program, and then obtain some sensitive information. This affects ZXCDN V7.01 all versions up to IAMV7.01.01.02.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tomcat | — | — |
| zte | zxcdn | >= 7.01 < iamv7.01.02.02 | iamv7.01.02.02 |
CVSS provenance
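| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| vendor_apache | — | 5.3 | MEDIUM | — |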
GHSA
GHSA-36w9-8j3m-6mcg: The management system of ZXCDN is impacted by the information leak vulnerability
ghsa_unreviewed·2022-05-24
CVE-2021-21733 [MEDIUM] CWE-200 GHSA-36w9-8j3m-6mcg: The management system of ZXCDN is impacted by the information leak vulnerability
Apache
Apache tomcat: CVE-2024-21733
vendor_apache·CVSS 5.3
CVE-2024-21733 [MEDIUM] Apache tomcat: CVE-2024-21733
Incomplete POST requests triggered an error response that could contain data from a previous request from another user.
This was fixed with commit ce4b154e.
This issue was reported to the Apache Tomcat Security Team by xer0dayz from Sn1perSecurity LLC on 20 December 2023. The issue was made public on 19 January 2024.
Affects: 8.5.7 to 8.5.63
2 February 2021 Fixed in Apache Tomcat 8.5.63
Note: The issues below were fixed in Apache Tomcat 8.5.62 but the release vote for the 8.5.62 release candidate did not pass. Therefore, although users must download 8.5.63 to obtain a version that includes a fix for these issues, version 8.5.62 is not included in the list of affected versions.
Low: Fix for
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-05-19