A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.
References
Configurations
No configuration.
History
18 Nov 2024, 17:11
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
17 Nov 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-17 11:15
Updated : 2024-11-18 17:11
NVD link : CVE-2023-4639
Mitre link : CVE-2023-4639
CVE.ORG link : CVE-2023-4639
JSON object : View
Products Affected
No product.
CWE
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')