CVE-2024-6162

EPSS 2.02%
Veröffentlicht 20.06.2024 15:15:50
Zuletzt bearbeitet 29.11.2024 12:15:07
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processed. As a result, the server may attempt to access the wrong path, causing errors such as "404 Not Found" or other application failures. This flaw can potentially lead to a denial of service, as legitimate resources become inaccessible due to the path mix-up.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://github.com/undertow-io/undertow

≫

Paket undertow

Version < 2.2.33.Final

Version 0

Status affected

Version < 2.3.14

Version 2.3.0.Alpha1

Status affected

HerstellerRed Hat

≫

Produkt EAP 8.0.1

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform Expansion Pack

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Apache Camel for Spring Boot 3

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Apache Camel - HawtIO 4

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat Build of Keycloak

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat Data Grid 8

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat Fuse 7

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat Integration Camel K 1

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Data Grid 7

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform Expansion Pack

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat Process Automation 7

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat Single Sign-On 7

Default Statusaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.02%	0.831

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://access.redhat.com/errata/RHSA-2024:4884

https://access.redhat.com/errata/RHSA-2024:1194

https://access.redhat.com/errata/RHSA-2024:4386

https://access.redhat.com/security/cve/CVE-2024-6162

https://bugzilla.redhat.com/show_bug.cgi?id=2293069

https://issues.redhat.com/browse/JBEAP-26268

https://security.netapp.com/advisory/ntap-20241129-0009/

https://nvd.nist.gov/vuln/detail/CVE-2024-6162

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-6162

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-6162

EUVD