{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3653", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-04-11T04:14:52.345Z", "datePublished": "2024-07-08T21:21:20.899Z", "dateUpdated": "2024-09-18T08:36:43.415Z"}, "containers": {"cna": {"title": "Undertow: learningpushhandler can lead to remote memory dos attacks", "metrics": [{"other": {"content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1.0", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "unaffected", "packageName": "undertow", "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-undertow", "defaultStatus": "affected", "versions": [{"version": "0:2.2.33-1.SP1_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-undertow", "defaultStatus": "affected", "versions": [{"version": "0:2.2.33-1.SP1_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-undertow", "defaultStatus": "affected", "versions": [{"version": "0:2.2.33-1.SP1_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "packageName": "undertow", "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:8.0"]}, {"vendor": "Red Hat", "product": "OpenShift Serverless", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "undertow", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:serverless:1"]}, {"vendor": "Red Hat", "product": "Red Hat build of Apache Camel for Quarkus", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "undertow", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:camel_quarkus:3"]}, {"vendor": "Red Hat", "product": "Red Hat build of Apache Camel for Spring Boot", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "undertow", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:camel_spring_boot:4"]}, {"vendor": "Red Hat", "product": "Red Hat build of Apache Camel - HawtIO", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "undertow", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:rhboac_hawtio:4"]}, {"vendor": "Red Hat", "product": "Red Hat build of Apicurio Registry", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "undertow", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:service_registry:2"]}, {"vendor": "Red Hat", "product": "Red Hat Build of Keycloak", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "undertow", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:build_keycloak:"]}, {"vendor": "Red Hat", "product": "Red Hat build of OptaPlanner 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "undertow", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:optaplanner:::el6"]}, {"vendor": "Red Hat", "product": "Red Hat build of Quarkus", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "io.quarkus/quarkus-undertow", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:quarkus:3"]}, {"vendor": "Red Hat", "product": "Red Hat Data Grid 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "undertow", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:jboss_data_grid:8"]}, {"vendor": "Red Hat", "product": "Red Hat Integration Camel K", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "undertow", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:integration:1"]}, {"vendor": "Red Hat", "product": "Red Hat Integration Camel Quarkus", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "undertow", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:camel_quarkus:2"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Data Grid 7", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "packageName": "undertow", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:jboss_data_grid:7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "packageName": "undertow", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:jbosseapxp"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Fuse 7", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "packageName": "undertow", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:jboss_fuse:7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Fuse Service Works 6", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "packageName": "undertow", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:jboss_fuse_service_works:6"]}, {"vendor": "Red Hat", "product": "Red Hat Process Automation 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "undertow", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"]}, {"vendor": "Red Hat", "product": "Red Hat Single Sign-On 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "undertow", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7"]}, {"vendor": "Red Hat", "product": "streams for Apache Kafka", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "undertow", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:amq_streams:1"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:4392", "name": "RHSA-2024:4392", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:5143", "name": "RHSA-2024:5143", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:5144", "name": "RHSA-2024:5144", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:5145", "name": "RHSA-2024:5145", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:5147", "name": "RHSA-2024:5147", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-3653", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274437", "name": "RHBZ#2274437", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2024-07-08T20:53:45+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-401", "description": "Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-401: Missing Release of Memory after Effective Lifetime", "workarounds": [{"lang": "en", "value": "Setting the maxAge configuration is sufficient to prevent the behavior of this vulnerability being explored."}], "timeline": [{"lang": "en", "time": "2024-04-11T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-07-08T20:53:45+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-09-18T08:36:43.415Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-09T15:00:49.417301Z", "id": "CVE-2024-3653", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-09T15:01:06.286Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:4392", "name": "RHSA-2024:4392", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-3653", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274437", "name": "RHBZ#2274437", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240828-0002/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-28T15:02:47.378Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:4392", "name": "RHSA-2024:4392", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-3653", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274437", "name": "RHBZ#2274437", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240828-0002/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-28T15:02:47.378Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3653", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-09T15:00:49.417301Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-09T15:01:00.485Z"}}], "cna": {"title": "Undertow: learningpushhandler can lead to remote memory dos attacks", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1.0", "packageName": "undertow", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:2.2.33-1.SP1_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:2.2.33-1.SP1_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "versions": [{"status": "unaffected", "version": "0:2.2.33-1.SP1_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:8.0"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8", "packageName": "undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:serverless:1"], "vendor": "Red Hat", "product": "OpenShift Serverless", "packageName": "undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:camel_quarkus:3"], "vendor": "Red Hat", "product": "Red Hat build of Apache Camel for Quarkus", "packageName": "undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:camel_spring_boot:4"], "vendor": "Red Hat", "product": "Red Hat build of Apache Camel for Spring Boot", "packageName": "undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhboac_hawtio:4"], "vendor": "Red Hat", "product": "Red Hat build of Apache Camel - HawtIO", "packageName": "undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:service_registry:2"], "vendor": "Red Hat", "product": "Red Hat build of Apicurio Registry", "packageName": "undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:"], "vendor": "Red Hat", "product": "Red Hat Build of Keycloak", "packageName": "undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:optaplanner:::el6"], "vendor": "Red Hat", "product": "Red Hat build of OptaPlanner 8", "packageName": "undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:quarkus:3"], "vendor": "Red Hat", "product": "Red Hat build of Quarkus", "packageName": "io.quarkus/quarkus-undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_data_grid:8"], "vendor": "Red Hat", "product": "Red Hat Data Grid 8", "packageName": "undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:integration:1"], "vendor": "Red Hat", "product": "Red Hat Integration Camel K", "packageName": "undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:camel_quarkus:2"], "vendor": "Red Hat", "product": "Red Hat Integration Camel Quarkus", "packageName": "undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_data_grid:7"], "vendor": "Red Hat", "product": "Red Hat JBoss Data Grid 7", "packageName": "undertow", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "unknown"}, {"cpes": ["cpe:/a:redhat:jbosseapxp"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "packageName": "undertow", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:jboss_fuse:7"], "vendor": "Red Hat", "product": "Red Hat JBoss Fuse 7", "packageName": "undertow", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "unknown"}, {"cpes": ["cpe:/a:redhat:jboss_fuse_service_works:6"], "vendor": "Red Hat", "product": "Red Hat JBoss Fuse Service Works 6", "packageName": "undertow", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "unknown"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"], "vendor": "Red Hat", "product": "Red Hat Process Automation 7", "packageName": "undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7"], "vendor": "Red Hat", "product": "Red Hat Single Sign-On 7", "packageName": "undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:amq_streams:1"], "vendor": "Red Hat", "product": "streams for Apache Kafka", "packageName": "undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2024-04-11T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-07-08T20:53:45+00:00", "value": "Made public."}], "datePublic": "2024-07-08T20:53:45+00:00", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:4392", "name": "RHSA-2024:4392", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:5143", "name": "RHSA-2024:5143", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:5144", "name": "RHSA-2024:5144", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:5145", "name": "RHSA-2024:5145", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:5147", "name": "RHSA-2024:5147", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-3653", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274437", "name": "RHBZ#2274437", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Setting the maxAge configuration is sufficient to prevent the behavior of this vulnerability being explored."}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-401", "description": "Missing Release of Memory after Effective Lifetime"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-09-18T08:36:43.415Z"}, "x_redhatCweChain": "CWE-401: Missing Release of Memory after Effective Lifetime"}}, "cveMetadata": {"cveId": "CVE-2024-3653", "state": "PUBLISHED", "dateUpdated": "2024-09-18T08:36:43.415Z", "dateReserved": "2024-04-11T04:14:52.345Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-07-08T21:21:20.899Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Undertow. Este problema requiere habilitar el controlador de aprendizaje-push en la configuraci\u00f3n del servidor, que est\u00e1 deshabilitado de forma predeterminada, dejando la configuraci\u00f3n maxAge en el controlador sin configurar. El valor predeterminado es -1, lo que hace que el controlador sea vulnerable. Si alguien sobrescribe esa configuraci\u00f3n, el servidor no est\u00e1 sujeto al ataque. El atacante debe poder llegar al servidor con una solicitud HTTP normal."}], "id": "CVE-2024-3653", "lastModified": "2024-08-12T13:38:27.570", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-07-08T22:15:02.527", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:4392"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:5143"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:5144"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:5145"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:5147"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-3653"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274437"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:5147", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "package": "undertow", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1.0", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:5144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-undertow-0:2.2.33-1.SP1_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:5145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-undertow-0:2.2.33-1.SP1_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:5143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-undertow-0:2.2.33-1.SP1_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:4392", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0", "package": "undertow", "product_name": "Red Hat JBoss Enterprise Application Platform 8", "release_date": "2024-07-08T00:00:00Z"}], "bugzilla": {"description": "undertow: LearningPushHandler can lead to remote memory DoS attacks", "id": "2274437", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274437"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-401", "details": ["A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request.", "A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request."], "mitigation": {"lang": "en:us", "value": "Setting the maxAge configuration is sufficient to prevent the behavior of this vulnerability being explored."}, "name": "CVE-2024-3653", "package_state": [{"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Will not fix", "package_name": "undertow", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:camel_quarkus:3", "fix_state": "Will not fix", "package_name": "undertow", "product_name": "Red Hat build of Apache Camel for Quarkus"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:4", "fix_state": "Affected", "package_name": "undertow", "product_name": "Red Hat build of Apache Camel for Spring Boot"}, {"cpe": "cpe:/a:redhat:rhboac_hawtio:4", "fix_state": "Affected", "package_name": "undertow", "product_name": "Red Hat build of Apache Camel - HawtIO"}, {"cpe": "cpe:/a:redhat:service_registry:2", "fix_state": "Affected", "package_name": "undertow", "product_name": "Red Hat build of Apicurio Registry"}, {"cpe": "cpe:/a:redhat:build_keycloak:", "fix_state": "Not affected", "package_name": "undertow", "product_name": "Red Hat Build of Keycloak"}, {"cpe": "cpe:/a:redhat:optaplanner:::el6", "fix_state": "Will not fix", "package_name": "undertow", "product_name": "Red Hat build of OptaPlanner 8"}, {"cpe": "cpe:/a:redhat:quarkus:3", "fix_state": "Affected", "package_name": "io.quarkus/quarkus-undertow", "product_name": "Red Hat build of Quarkus"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Affected", "package_name": "undertow", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Affected", "package_name": "undertow", "product_name": "Red Hat Integration Camel K"}, {"cpe": "cpe:/a:redhat:camel_quarkus:2", "fix_state": "Affected", "package_name": "undertow", "product_name": "Red Hat Integration Camel Quarkus"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Out of support scope", "package_name": "undertow", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "undertow", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Out of support scope", "package_name": "undertow", "product_name": "Red Hat JBoss Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Out of support scope", "package_name": "undertow", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Out of support scope", "package_name": "undertow", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Will not fix", "package_name": "undertow", "product_name": "Red Hat Single Sign-On 7"}, {"cpe": "cpe:/a:redhat:amq_streams:1", "fix_state": "Affected", "package_name": "undertow", "product_name": "streams for Apache Kafka"}], "public_date": "2024-07-08T20:53:45Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-3653\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-3653"], "statement": "Red Hat rates this as a Low impact vulnerability since the attacker needs to perform HTTP requests and the server must have incomplete configuration settings.", "threat_severity": "Low"}