Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-7885

Опубликовано: 21 авг. 2024
Источник: nvd
CVSS3: 7.5
EPSS Низкий

Описание

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redhat:build_of_apache_camel_-_hawtio:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:build_of_apache_camel_for_spring_boot:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:data_grid:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 91%
0.06348
Низкий

7.5 High

CVSS3

Дефекты

CWE-362
NVD-CWE-noinfo

Связанные уязвимости

ubuntu логотип

CVE-2024-7885

CVSS3: 7.5
ubuntu
больше 1 года назад

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.

redhat логотип

CVE-2024-7885

CVSS3: 7.5
redhat
больше 1 года назад

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.

debian логотип

CVE-2024-7885

CVSS3: 7.5
debian
больше 1 года назад

A vulnerability was found in Undertow where the ProxyProtocolReadListe ...

github логотип

GHSA-9623-mqmm-5rcf

CVSS3: 7.5
github
больше 1 года назад

Undertow vulnerable to Race Condition

fstec логотип

BDU:2024-07803

CVSS3: 7.5
fstec
больше 1 года назад

Уязвимость функции parseProxyProtocolV1() класса ProxyProtocolReadListener веб-сервера Undertow, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 91%
0.06348
Низкий

7.5 High

CVSS3

Дефекты

CWE-362
NVD-CWE-noinfo