CVE-2023-4639

Published: 08 Feb 2024
Source: redhat
CVSS3: 7.4
EPSS: Low

Description

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.

Affected packages

Platform | Package | Status | Recommendation | Release
Migration Toolkit for Applications 6 | org.keycloak-keycloak-parent | Not affected | |
Red Hat build of Apache Camel for Spring Boot 3 | undertow | Not affected | |
Red Hat build of Apicurio Registry 2 | undertow | Under investigation | |
Red Hat build of Debezium 1 | undertow | Under investigation | |
Red Hat build of Quarkus | io.quarkus/quarkus-undertow | Under investigation | |
Red Hat Data Grid 8 | undertow | Not affected | |
Red Hat Decision Manager 7 | undertow | Under investigation | |
Red Hat Fuse 7 | undertow | Under investigation | |
Red Hat Integration Camel K 1 | undertow | Not affected | |
Red Hat Integration Camel Quarkus 1 | undertow | Not affected | |

Additional information

Severity: Moderate
Weakness: CWE-444
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2166022 (undertow: Cookie Smuggling/Spoofing)

EPSS: 0.05363 (percentile: 90%, Low)

CVSS3: 7.4 High

Related vulnerabilities

CVSS3: 7.4
ubuntu
about 1 year ago


CVSS3: 7.4
nvd
about 1 year ago


CVSS3: 7.4
debian
about 1 year ago

A flaw was found in Undertow, which incorrectly parses cookies with ce ...

CVSS3: 7.4
github
about 1 year ago

Undertow incorrectly parses cookies

CVSS3: 7.4
fstec
about 3 years ago

A vulnerability in the Undertow web server, caused by flaws in the handling of incoming HTTP requests, that allows an attacker to affect the confidentiality and integrity of protected information.
