CVE-2024-6162

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-6162
A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processed. As a result, the server may attempt to access the wrong path, causing errors such as "404 Not Found" or other application failures. This flaw can potentially lead to a denial of service, as legitimate resources become inaccessible due to the path mix-up.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2024:1194
https://access.redhat.com/errata/RHSA-2024:4386
https://access.redhat.com/errata/RHSA-2024:4884
https://access.redhat.com/security/cve/CVE-2024-6162
https://bugzilla.redhat.com/show_bug.cgi?id=2293069
https://issues.redhat.com/browse/JBEAP-26268
Configurations

No configuration.

History

09 Sep 2024, 18:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:1194 -
  • () https://access.redhat.com/errata/RHSA-2024:4386 -

05 Aug 2024, 15:15

Type Values Removed Values Added
Summary (en) A vulnerability was found in Undertow. URL-encoded request path information can be broken for concurrent requests on ajp-listener, causing the wrong path to be processed and resulting in a possible denial of service. (en) A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processed. As a result, the server may attempt to access the wrong path, causing errors such as "404 Not Found" or other application failures. This flaw can potentially lead to a denial of service, as legitimate resources become inaccessible due to the path mix-up.
References
  • () https://issues.redhat.com/browse/JBEAP-26268 -

25 Jul 2024, 21:15

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en Undertow. La información de la ruta de solicitud codificada en URL se puede romper para solicitudes simultáneas en ajp-listener, lo que provoca que se procese la ruta incorrecta y resulte en una posible denegación de servicio.
References
  • () https://access.redhat.com/errata/RHSA-2024:4884 -

20 Jun 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-20 15:15

Updated : 2024-09-09 18:15

NVD link : CVE-2024-6162

Mitre link : CVE-2024-6162

CVE.ORG link : CVE-2024-6162

JSON object : View

Products Affected

No product.

CWE
CWE-400

Uncontrolled Resource Consumption


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024