ID

VAR-202107-1593


CVE

CVE-2021-33037


TITLE

Apache Tomcat  In  HTTP  Request Smuggling Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-003000

DESCRIPTION

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. It exists that Tomcat did not properly validate the input length. An attacker could possibly use this to trigger an infinite loop, resulting in a denial of service. (CVE-2020-9494, CVE-2021-25329, CVE-2021-41079). Description: Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Web Server 5.6.0 Security release Advisory ID: RHSA-2021:4861-01 Product: Red Hat JBoss Web Server Advisory URL: https://access.redhat.com/errata/RHSA-2021:4861 Issue date: 2021-11-30 CVE Names: CVE-2021-30640 CVE-2021-33037 CVE-2021-42340 ==================================================================== 1. Summary: Updated Red Hat JBoss Web Server 5.6.0 packages are now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss Web Server 5.6 for RHEL 7 Server - noarch, x86_64 Red Hat JBoss Web Server 5.6 for RHEL 8 - noarch, x86_64 3. Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.6.0 serves as a replacement for Red Hat JBoss Web Server 5.5.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Security Fix(es): * tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could lead to DoS (CVE-2021-42340) * tomcat: HTTP request smuggling when used with a reverse proxy (CVE-2021-33037) * tomcat: JNDI realm authentication weakness (CVE-2021-30640) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat JBoss Web Server 5.6 for RHEL 7 Server: Source: jws5-tomcat-9.0.50-3.redhat_00004.1.el7jws.src.rpm jws5-tomcat-native-1.2.30-3.redhat_3.el7jws.src.rpm jws5-tomcat-vault-1.1.8-4.Final_redhat_00004.1.el7jws.src.rpm noarch: jws5-tomcat-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-admin-webapps-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-docs-webapp-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-el-3.0-api-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-java-jdk11-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-java-jdk8-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-javadoc-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-jsp-2.3-api-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-lib-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-selinux-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-servlet-4.0-api-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-vault-1.1.8-4.Final_redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-vault-javadoc-1.1.8-4.Final_redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-webapps-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm x86_64: jws5-tomcat-native-1.2.30-3.redhat_3.el7jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.30-3.redhat_3.el7jws.x86_64.rpm Red Hat JBoss Web Server 5.6 for RHEL 8: Source: jws5-tomcat-9.0.50-3.redhat_00004.1.el8jws.src.rpm jws5-tomcat-native-1.2.30-3.redhat_3.el8jws.src.rpm jws5-tomcat-vault-1.1.8-4.Final_redhat_00004.1.el8jws.src.rpm noarch: jws5-tomcat-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-admin-webapps-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-docs-webapp-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-el-3.0-api-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-javadoc-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-jsp-2.3-api-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-lib-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-selinux-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-servlet-4.0-api-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-vault-1.1.8-4.Final_redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-vault-javadoc-1.1.8-4.Final_redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-webapps-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm x86_64: jws5-tomcat-native-1.2.30-3.redhat_3.el8jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.30-3.redhat_3.el8jws.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-30640 https://access.redhat.com/security/cve/CVE-2021-33037 https://access.redhat.com/security/cve/CVE-2021-42340 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYaaMntzjgjWX9erEAQibyg/9E3I1wMpKriqTZKlf1tGcPt4wShPVNKMh B4PC8t1vBZJZ2VBMrQJdmYBUKRn3mccCqUxd0ey/UfsacIoKvAACr18iXCxYc4cO MeNqy7SWRO+Kwze2fYpBu7w5dR34yhUQAN8DAOui7DduZsS209X7WhShrLSjzF5j g+nhRCi4l5QRwcy7NF4TAhmAN7f819BwDHQJI/ttaOHqEwsDnOlPNKbV0X4Hlkf5 5VRD/8ArImD7tqpSs/9YVh34MJLCVmVkWgHBDY0I06LcRSQJoRBZDEkoPRHQxU26 hKH5oDaVezm92RFFqfwo2HHY6eGJc/qTTcd/WeW4RDfx49+ARsOt2kvO2XcEo45A iUue2MayqnfdQHRI7MMNaaWoNudI2MVBcbQYhkTZcgApZEmtCe4taeo0YUvFqUeJ N1Awh8QIN5vqA7wKdtrHiQCMx/6/fqi3VtKN3LZEuUiRMM/sueqc1yob6piuU4Vk nyHP0ULSyMYnrzoqKN1BwbobRYyXKbVR376qMtxhLMe71PXg26TgDC9seUnooNum XgcRIdc7Q2WyGaFLxGE5fS0/7FagX/etRlg9DIHi27NVl0WXgmFVLC2ZumjfSoms FgQUTPwa2Bt90Oat2u7vnB5MBvCR0+OAAsM8TK/cn/31F697MMTI6Qloiq2DDOt4 2c2PkIZ6XrY=6RkQ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link for the update. You must be logged in to download the update. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4952-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff August 09, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tomcat9 CVE ID : CVE-2021-30640 CVE-2021-33037 Debian Bug : 991046 Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling, bypass of logout restrictions or authentications using variations of a valid user name. For the stable distribution (buster), these problems have been fixed in version 9.0.31-1~deb10u5. We recommend that you upgrade your tomcat9 packages. For the detailed security status of tomcat9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tomcat9 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmERmLEACgkQEMKTtsN8 TjZeMw/9Em+a8hxIgfV6m8svrekc9scclTwKifFNjMU8JPwRHiK/jP7jpz8mwO4W AiEe+TaIiEhlqjg41G2b7P/2cxJlB2Uetf16dvajv9kZA4MjMVDTXiDKvuqo5uVg zT7lkwU6jaMDGUd/unZZTwk8jh4imrF11fLCL6bQciwBdDAuiMDiioW526XwK/5u oUfdu1SJphXNQSkq/d6R7eTOurryFxYrrBswUUsYF5Dk4NhtNuR6pLsRmLVo3sO1 490C/MxLuL/vDMY/5ycqUcBu9JQ4hOADDUClUFcx4/U9soMCTbxsc4OGVlqJAK4W +IeVNO6Y+miHkQCoeqP3deq+ZCwiHaaPR4Y+pZHmGaSvnG7akG8ZJATZWUB/YdU4 DnNlGxgaIIqxHSZcht9ExSTufwjNiYGCQeuBPVhOsh+DDk4l1m1JJN+5nUwB9/id SRV3ZmlRLwJu0YcZPdtogrgmfUgpI3rr+M0t+nERDo3gJ5qQIT2shCNjQaNSEcx8 ko/6aELWC546FlncPCjEpCNDGqsEn7BYOzf18JRqlD1/NPYM+eBa1grXqBdYj9oa Fyl69bY8YU7V8l/aEDvrPDMDStvIvaK2MFtdPvpUQRvU71iuY37CtM5AaaGyOl95 zyNSHUvLzXNOpEWUMTgNKTmTmbRTkCSW71GCgRaVuLthzHN2Bic= =WmYc -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-34 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: Apache Tomcat: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #773571, #801916, #818160, #855971 ID: 202208-34 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Apache Tomcat, the worst of which could result in denial of service. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-servers/tomcat < 8.5.82:8.5 >= 8.5.82:8.5 < 9.0.65:9 >= 9.0.65:9 < 10.0.23:10 >= 10.0.23:10 Description ========== Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Apache Tomcat 10.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-10.0.23:10" All Apache Tomcat 9.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-9.0.65:9" All Apache Tomcat 8.5.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-8.5.82:8.5" References ========= [ 1 ] CVE-2021-25122 https://nvd.nist.gov/vuln/detail/CVE-2021-25122 [ 2 ] CVE-2021-25329 https://nvd.nist.gov/vuln/detail/CVE-2021-25329 [ 3 ] CVE-2021-30639 https://nvd.nist.gov/vuln/detail/CVE-2021-30639 [ 4 ] CVE-2021-30640 https://nvd.nist.gov/vuln/detail/CVE-2021-30640 [ 5 ] CVE-2021-33037 https://nvd.nist.gov/vuln/detail/CVE-2021-33037 [ 6 ] CVE-2021-42340 https://nvd.nist.gov/vuln/detail/CVE-2021-42340 [ 7 ] CVE-2022-34305 https://nvd.nist.gov/vuln/detail/CVE-2022-34305 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202208-34 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . The purpose of this text-only errata is to inform you about the security issues fixed in this release. Installation instructions are available from the Fuse 7.11.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/ 4

Trust: 2.88

sources: NVD: CVE-2021-33037 // JVNDB: JVNDB-2021-003000 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-393050 // VULMON: CVE-2021-33037 // PACKETSTORM: 166707 // PACKETSTORM: 165117 // PACKETSTORM: 165112 // PACKETSTORM: 169105 // PACKETSTORM: 168127 // PACKETSTORM: 167841

AFFECTED PRODUCTS

vendor:日立model:ucosminexus application serverscope: - version: -

Trust: 1.6

vendor:日立model:ucosminexus primary server basescope: - version: -

Trust: 1.6

vendor:日立model:ucosminexus service platformscope: - version: -

Trust: 1.6

vendor:oraclemodel:communications instant messaging serverscope:eqversion:10.0.1.5.0

Trust: 1.0

vendor:oraclemodel:managed file transferscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:apachemodel:tomcatscope:gteversion:8.5.0

Trust: 1.0

vendor:oraclemodel:communications session route managerscope:gteversion:8.0.0

Trust: 1.0

vendor:oraclemodel:graph server and clientscope:ltversion:21.4

Trust: 1.0

vendor:mcafeemodel:epolicy orchestratorscope:ltversion:5.10.0

Trust: 1.0

vendor:oraclemodel:mysql enterprise monitorscope:lteversion:8.0.25

Trust: 1.0

vendor:oraclemodel:agile plmscope:eqversion:9.3.6

Trust: 1.0

vendor:oraclemodel:sd-wan edgescope:eqversion:9.0

Trust: 1.0

vendor:oraclemodel:utilities testing acceleratorscope:eqversion:6.0.0.1.1

Trust: 1.0

vendor:apachemodel:tomcatscope:lteversion:10.0.6

Trust: 1.0

vendor:apachemodel:tomcatscope:gtversion:9.0.0

Trust: 1.0

vendor:oraclemodel:instantis enterprisetrackscope:eqversion:17.3

Trust: 1.0

vendor:apachemodel:tomcatscope:gtversion:10.0.0

Trust: 1.0

vendor:oraclemodel:healthcare translational researchscope:eqversion:4.1.0

Trust: 1.0

vendor:apachemodel:tomcatscope:lteversion:9.0.46

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:oraclemodel:communications policy managementscope:eqversion:12.5.0

Trust: 1.0

vendor:oraclemodel:secure global desktopscope:eqversion:5.6

Trust: 1.0

vendor:oraclemodel:sd-wan edgescope:eqversion:9.1

Trust: 1.0

vendor:oraclemodel:managed file transferscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:apachemodel:tomcatscope:lteversion:8.5.66

Trust: 1.0

vendor:oraclemodel:communications cloud native core policyscope:eqversion:1.14.0

Trust: 1.0

vendor:oraclemodel:instantis enterprisetrackscope:eqversion:17.2

Trust: 1.0

vendor:oraclemodel:communications session report managerscope:gteversion:8.0.0

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:lteversion:8.5.0.2

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:gteversion:8.0.0.0

Trust: 1.0

vendor:oraclemodel:communications session report managerscope:lteversion:8.2.4.0

Trust: 1.0

vendor:oraclemodel:communications pricing design centerscope:eqversion:12.0.0.3.0

Trust: 1.0

vendor:oraclemodel:communications session route managerscope:lteversion:8.2.4

Trust: 1.0

vendor:oraclemodel:communications cloud native core service communication proxyscope:eqversion:1.14.0

Trust: 1.0

vendor:oraclemodel:hospitality cruise shipboard property management systemscope:eqversion:20.1.0

Trust: 1.0

vendor:apachemodel:tomeescope:eqversion:8.0.6

Trust: 1.0

vendor:oraclemodel:utilities testing acceleratorscope:eqversion:6.0.0.3.1

Trust: 1.0

vendor:oraclemodel:instantis enterprisetrackscope:eqversion:17.1

Trust: 1.0

vendor:mcafeemodel:epolicy orchestratorscope:eqversion:5.10.0

Trust: 1.0

vendor:oraclemodel:utilities testing acceleratorscope:eqversion:6.0.0.2.2

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:日本電気model:addpointscope: - version: -

Trust: 0.8

vendor:日本電気model:connexive edge device managementscope: - version: -

Trust: 0.8

vendor:日本電気model:iot データストアscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus application server standardscope: - version: -

Trust: 0.8

vendor:日本電気model:webotxscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus developer standardscope: - version: -

Trust: 0.8

vendor:日立model:cosminexus application server enterprisescope: - version: -

Trust: 0.8

vendor:日本電気model:nec 自動応答scope: - version: -

Trust: 0.8

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

vendor:日本電気model:simpwrightscope: - version: -

Trust: 0.8

vendor:日立model:cosminexus developer professionalscope: - version: -

Trust: 0.8

vendor:日本電気model:webotx application serverscope: - version: -

Trust: 0.8

vendor:日本電気model:connexive pfscope: - version: -

Trust: 0.8

vendor:日本電気model:elastic matcherscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus application server-rscope: - version: -

Trust: 0.8

vendor:日本電気model:secureware/clmscope: - version: -

Trust: 0.8

vendor:apachemodel:tomeescope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus application server enterprisescope: - version: -

Trust: 0.8

vendor:apachemodel:tomcatscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus service architectscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle communications diameter signaling routerscope: - version: -

Trust: 0.8

vendor:日立model:cosminexus application server standardscope: - version: -

Trust: 0.8

vendor:日立model:hitachi ops center common servicesscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus developerscope: - version: -

Trust: 0.8

vendor:日本電気model:esmpro/servermanagerscope: - version: -

Trust: 0.8

vendor:日立model:cosminexus developer standardscope: - version: -

Trust: 0.8

vendor:日本電気model:infocagescope: - version: -

Trust: 0.8

vendor:日立model:cosminexus developer lightscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus application server standard-rscope: - version: -

Trust: 0.8

vendor:日本電気model:enterpriseidentitymanagerscope: - version: -

Trust: 0.8

vendor:日本電気model:webotx developerscope: - version: -

Trust: 0.8

vendor:日本電気model:retrieemscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus developer professionalscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus developer professional for plug-inscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-003000 // NVD: CVE-2021-33037

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-33037
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-33037
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202107-681
value: MEDIUM

Trust: 0.6

VULHUB: VHN-393050
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-33037
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-33037
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-393050
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-33037
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-33037
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-393050 // VULMON: CVE-2021-33037 // JVNDB: JVNDB-2021-003000 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-681 // NVD: CVE-2021-33037

PROBLEMTYPE DATA

problemtype:CWE-444

Trust: 1.1

problemtype:HTTP Request Smuggling (CWE-444) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-393050 // JVNDB: JVNDB-2021-003000 // NVD: CVE-2021-33037

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-681

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:hitachi-sec-2021-140url:https://lists.apache.org/thread.html/r612a79269b0d5e5780c62dfd34286a8037232fec0bc6f1a7e60c9381%40%3Cannounce.tomcat.apache.org%3E

Trust: 0.8

title:Apache Tomcat Remediation measures for environmental problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178517

Trust: 0.6

title:Amazon Linux AMI: ALAS-2021-1535url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2021-1535

Trust: 0.1

title:Debian Security Advisories: DSA-4952-1 tomcat9 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=34a8611657c60f45f0bee7f033163917

Trust: 0.1

title:Debian CVElist Bug Report Logs: tomcat9: CVE-2021-33037 CVE-2021-30640 CVE-2021-30639url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=c76b2125cc2898e046bae42a78fc87ed

Trust: 0.1

title:Red Hat: Important: Red Hat support for Spring Boot 2.5.10 updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221179 - Security Advisory

Trust: 0.1

title:Red Hat: CVE-2021-33037url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-33037

Trust: 0.1

title:Ubuntu Security Notice: USN-5360-1: Tomcat vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5360-1

Trust: 0.1

title:Hitachi Security Advisories: Vulnerability in Cosminexusurl:https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2021-140

Trust: 0.1

title:Red Hat: Important: Red Hat Fuse 7.11.0 release and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225532 - Security Advisory

Trust: 0.1

title:Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Servicesurl:https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2021-134

Trust: 0.1

title: - url:https://github.com/Live-Hack-CVE/CVE-2021-33037

Trust: 0.1

sources: VULMON: CVE-2021-33037 // JVNDB: JVNDB-2021-003000 // CNNVD: CNNVD-202107-681

EXTERNAL IDS

db:NVDid:CVE-2021-33037

Trust: 4.0

db:MCAFEEid:SB10366

Trust: 1.8

db:PACKETSTORMid:168127

Trust: 0.8

db:PACKETSTORMid:165112

Trust: 0.8

db:JVNid:JVNVU91880022

Trust: 0.8

db:JVNDBid:JVNDB-2021-003000

Trust: 0.8

db:PACKETSTORMid:166707

Trust: 0.7

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:CS-HELPid:SB2021072907

Trust: 0.6

db:CS-HELPid:SB2022012750

Trust: 0.6

db:CS-HELPid:SB2021081231

Trust: 0.6

db:CS-HELPid:SB2021113014

Trust: 0.6

db:CS-HELPid:SB2021101943

Trust: 0.6

db:CS-HELPid:SB2021090824

Trust: 0.6

db:CS-HELPid:SB2022011911

Trust: 0.6

db:CS-HELPid:SB2022012307

Trust: 0.6

db:CS-HELPid:SB2022042210

Trust: 0.6

db:CS-HELPid:SB2021092919

Trust: 0.6

db:CS-HELPid:SB2022040522

Trust: 0.6

db:CS-HELPid:SB2021080808

Trust: 0.6

db:AUSCERTid:ESB-2021.2676

Trust: 0.6

db:AUSCERTid:ESB-2021.4028

Trust: 0.6

db:AUSCERTid:ESB-2021.2664

Trust: 0.6

db:AUSCERTid:ESB-2021.3924

Trust: 0.6

db:AUSCERTid:ESB-2021.3688

Trust: 0.6

db:AUSCERTid:ESB-2021.2359

Trust: 0.6

db:AUSCERTid:ESB-2021.3531

Trust: 0.6

db:AUSCERTid:ESB-2021.2647

Trust: 0.6

db:AUSCERTid:ESB-2022.1404

Trust: 0.6

db:CNNVDid:CNNVD-202107-681

Trust: 0.6

db:PACKETSTORMid:165117

Trust: 0.2

db:SEEBUGid:SSVID-99316

Trust: 0.1

db:VULHUBid:VHN-393050

Trust: 0.1

db:VULMONid:CVE-2021-33037

Trust: 0.1

db:PACKETSTORMid:169105

Trust: 0.1

db:PACKETSTORMid:167841

Trust: 0.1

sources: VULHUB: VHN-393050 // VULMON: CVE-2021-33037 // JVNDB: JVNDB-2021-003000 // PACKETSTORM: 166707 // PACKETSTORM: 165117 // PACKETSTORM: 165112 // PACKETSTORM: 169105 // PACKETSTORM: 168127 // PACKETSTORM: 167841 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-681 // NVD: CVE-2021-33037

REFERENCES

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 2.4

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 2.4

url:https://security.gentoo.org/glsa/202208-34

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2021-33037

Trust: 1.9

url:https://security.netapp.com/advisory/ntap-20210827-0007/

Trust: 1.8

url:https://www.debian.org/security/2021/dsa-4952

Trust: 1.8

url:https://lists.apache.org/thread.html/r612a79269b0d5e5780c62dfd34286a8037232fec0bc6f1a7e60c9381%40%3cannounce.tomcat.apache.org%3e

Trust: 1.8

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html

Trust: 1.8

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10366

Trust: 1.7

url:https://access.redhat.com/security/cve/cve-2021-33037

Trust: 1.0

url:https://lists.apache.org/thread.html/r290aee55b72811fd19e75ac80f6143716c079170c5671b96932ed44b%40%3ccommits.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r40f921575aee8d7d34e53182f862c45cbb8f3d898c9d4e865c2ec262%40%3ccommits.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rc6ef52453bb996a98cb45442871a1db56b7c349939e45d829bf9ae37%40%3ccommits.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rd0dfea39829bc0606c936a16f6fca338127c86c0a1083970b45ac8d2%40%3ccommits.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/re01e7e93154e8bdf78a11a23f9686427bd3d51fc6e12c508645567b7%40%3ccommits.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf1b54fd3f52f998ca4829159a88cc4c23d6cef5c6447d00948e75c97%40%3ccommits.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/re01e7e93154e8bdf78a11a23f9686427bd3d51fc6e12c508645567b7@%3ccommits.tomee.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r40f921575aee8d7d34e53182f862c45cbb8f3d898c9d4e865c2ec262@%3ccommits.tomee.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rd0dfea39829bc0606c936a16f6fca338127c86c0a1083970b45ac8d2@%3ccommits.tomee.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r290aee55b72811fd19e75ac80f6143716c079170c5671b96932ed44b@%3ccommits.tomee.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rf1b54fd3f52f998ca4829159a88cc4c23d6cef5c6447d00948e75c97@%3ccommits.tomee.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rc6ef52453bb996a98cb45442871a1db56b7c349939e45d829bf9ae37@%3ccommits.tomee.apache.org%3e

Trust: 0.8

url:https://jvn.jp/vu/jvnvu91880022/

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021113014

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3924

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2359

Trust: 0.6

url:https://packetstormsecurity.com/files/165112/red-hat-security-advisory-2021-4863-06.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022040522

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021080808

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4028

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb20220422102

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021090824

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2664

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6493299

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6497115

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3531

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012750

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1404

Trust: 0.6

url:https://packetstormsecurity.com/files/166707/red-hat-security-advisory-2022-1179-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2647

Trust: 0.6

url:https://vigilance.fr/vulnerability/apache-tomcat-hiding-via-request-encoding-35862

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021101943

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2676

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3688

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022011911

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012307

Trust: 0.6

url:https://packetstormsecurity.com/files/168127/gentoo-linux-security-advisory-202208-34.html

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6485649

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021092919

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072907

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021081231

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-30640

Trust: 0.5

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-30640

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-42340

Trust: 0.4

url:https://bugzilla.redhat.com/):

Trust: 0.4

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-42340

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-3859

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3642

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3629

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-41079

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-25122

Trust: 0.2

url:https://kc.mcafee.com/corporate/index?page=content&amp;id=sb10366

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/444.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2021-33037

Trust: 0.1

url:https://alas.aws.amazon.com/alas-2021-1535.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5360-1

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_support_for_spring_boot/2.5/html/release_notes_for_spring_boot_2.5/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20289

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3859

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3597

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20289

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3597

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product\xcatrhoar.spring.boot&version=2.5.10

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3629

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3642

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1179

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41079

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4861

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4863

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://security-tracker.debian.org/tracker/tomcat9

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-34305

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-25329

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30639

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29582

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-40690

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0084

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25122

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22060

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22573

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-2471

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26336

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22119

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-24122

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22569

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22970

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.11.0

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-7020

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22119

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23913

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35517

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35516

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33813

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21724

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22950

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22932

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30126

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22978

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25329

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4178

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22971

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22096

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3807

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-38153

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15250

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23181

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36518

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15250

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43797

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22096

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22976

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22573

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7020

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22968

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1319

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24614

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25689

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22569

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23596

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25689

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-24122

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36090

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22060

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21363

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9484

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43859

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26520

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-2471

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42550

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9484

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41766

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29505

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29582

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36518

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1259

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35515

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5532

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3644

Trust: 0.1

sources: VULHUB: VHN-393050 // VULMON: CVE-2021-33037 // JVNDB: JVNDB-2021-003000 // PACKETSTORM: 166707 // PACKETSTORM: 165117 // PACKETSTORM: 165112 // PACKETSTORM: 169105 // PACKETSTORM: 168127 // PACKETSTORM: 167841 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-681 // NVD: CVE-2021-33037

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 166707 // PACKETSTORM: 165117 // PACKETSTORM: 165112 // PACKETSTORM: 167841

SOURCES

db:VULHUBid:VHN-393050
db:VULMONid:CVE-2021-33037
db:JVNDBid:JVNDB-2021-003000
db:PACKETSTORMid:166707
db:PACKETSTORMid:165117
db:PACKETSTORMid:165112
db:PACKETSTORMid:169105
db:PACKETSTORMid:168127
db:PACKETSTORMid:167841
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202107-681
db:NVDid:CVE-2021-33037

LAST UPDATE DATE

2024-08-14T13:06:32.520000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-393050date:2022-10-27T00:00:00
db:VULMONid:CVE-2021-33037date:2022-10-27T00:00:00
db:JVNDBid:JVNDB-2021-003000date:2022-12-13T07:04:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202107-681date:2022-08-23T00:00:00
db:NVDid:CVE-2021-33037date:2023-11-07T03:35:46.960

SOURCES RELEASE DATE

db:VULHUBid:VHN-393050date:2021-07-12T00:00:00
db:VULMONid:CVE-2021-33037date:2021-07-12T00:00:00
db:JVNDBid:JVNDB-2021-003000date:2021-10-14T00:00:00
db:PACKETSTORMid:166707date:2022-04-13T15:02:31
db:PACKETSTORMid:165117date:2021-12-01T16:38:47
db:PACKETSTORMid:165112date:2021-12-01T16:37:47
db:PACKETSTORMid:169105date:2021-08-28T19:12:00
db:PACKETSTORMid:168127date:2022-08-22T16:02:30
db:PACKETSTORMid:167841date:2022-07-27T17:27:19
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202107-681date:2021-07-12T00:00:00
db:NVDid:CVE-2021-33037date:2021-07-12T15:15:08.400