Описание
Withdrawn Advisory: undertow: information leakage via HTTP/2 request header reuse
Withdrawn Advisory
This advisory has been withdrawn because it was determined to not be a valid vulnerability. This link is maintained to preserve external references. For more information, see https://nvd.nist.gov/vuln/detail/CVE-2024-4109.
Original Description
A flaw was found in Undertow. An HTTP request header value from a previous stream may be incorrectly reused for a request associated with a subsequent stream on the same HTTP/2 connection. This issue can potentially lead to information leakage between requests.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-4109
- https://access.redhat.com/errata/RHSA-2024:10927
- https://access.redhat.com/errata/RHSA-2024:10928
- https://access.redhat.com/errata/RHSA-2024:10929
- https://access.redhat.com/errata/RHSA-2024:10933
- https://access.redhat.com/errata/RHSA-2024:11559
- https://access.redhat.com/errata/RHSA-2024:11560
- https://access.redhat.com/errata/RHSA-2024:11570
- https://access.redhat.com/security/cve/CVE-2024-4109
- https://bugzilla.redhat.com/show_bug.cgi?id=2272325
- https://github.com/undertow-io/undertow/blob/6ae61c6af88d2a8341922ccd0de98926e8349543/core/src/main/java/io/undertow/protocols/http2/HpackDecoder.java#L250-L259
Пакеты
io.undertow:undertow-core
<= 2.3.18.Final
Отсутствует
Связанные уязвимости
[REJECTED CVE] A vulnerability has been identified in the Undertow package where the readHpackString method may incorrectly reuse an HTTP request header value from a previous stream for a new request on the same HTTP/2 connection due to improper handling of the stringBuilder field. While this typically results in an error and connection termination, an attacker could potentially exploit this flaw to leak sensitive information between requests within the same connection.
Rejected reason: Red Hat Product Security has determined that this CVE is not a security vulnerability.