Apache Software Foundation has released a security advisory to address a vulnerability in the Apache Tomcat. A remote attacker could entice a user to access specially crafted network resources which is using NTFS file system to exploit the vulnerability.
A successful exploitation of the vulnerability could lead to information disclosure on an affected system.
Apache Software Foundation has released new version of the products to address the issue and they can be downloaded at the following URLs:
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.107
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.60
https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.40
https://us-cert.cisa.gov/ncas/current-activity/2021/01/15/apache-releases-security-advisory-tomcat
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24122