A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.
References
Configurations
Configuration 1 (hide)
|
History
07 Oct 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Oct 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Sep 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Sep 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Aug 2024, 17:05
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo | |
Summary |
|
|
References | () https://access.redhat.com/security/cve/CVE-2024-7885 - Vendor Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2305290 - Issue Tracking, Vendor Advisory | |
CPE | cpe:2.3:a:redhat:build_of_apache_camel_-_hawtio:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:data_grid:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:build_of_apache_camel_for_spring_boot:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_enterprise_application_platform:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:*:*:*:* |
|
First Time |
Redhat process Automation
Redhat single Sign-on Redhat build Of Keycloak Redhat build Of Apache Camel For Spring Boot Redhat jboss Fuse Redhat Redhat integration Camel K Redhat jboss Enterprise Application Platform Redhat build Of Apache Camel - Hawtio Redhat data Grid |
21 Aug 2024, 16:06
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-21 14:15
Updated : 2024-10-07 21:15
NVD link : CVE-2024-7885
Mitre link : CVE-2024-7885
CVE.ORG link : CVE-2024-7885
JSON object : View
Products Affected
redhat
- single_sign-on
- process_automation
- integration_camel_k
- data_grid
- jboss_fuse
- build_of_apache_camel_for_spring_boot
- build_of_keycloak
- jboss_enterprise_application_platform
- build_of_apache_camel_-_hawtio
CWE
NVD-CWE-noinfo
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')