7.5
CVE-2024-6162
- EPSS 2.02%
- Published 20.06.2024 15:15:50
- Last modified 29.11.2024 12:15:07
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processed. As a result, the server may attempt to access the wrong path, causing errors such as "404 Not Found" or other application failures. This flaw can potentially lead to a denial of service, as legitimate resources become inaccessible due to the path mix-up.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://github.com/undertow-io/undertow
≫
Package
undertow
Version <
2.2.33.Final
Version
0
Status
affected
Version <
2.3.14
Version
2.3.0.Alpha1
Status
affected
VendorRed Hat
≫
Product
EAP 8.0.1
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat JBoss Enterprise Application Platform Expansion Pack
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat build of Apache Camel for Spring Boot 3
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat build of Apache Camel - HawtIO 4
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat Build of Keycloak
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat Data Grid 8
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat Fuse 7
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Integration Camel K 1
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat JBoss Data Grid 7
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat JBoss Enterprise Application Platform 7
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat JBoss Enterprise Application Platform 8
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat JBoss Enterprise Application Platform Expansion Pack
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Process Automation 7
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Single Sign-On 7
Default Statusaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.02% | 0.831 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| secalert@redhat.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.