A flaw was found in Undertow. An HTTP request header value from a previous stream may be incorrectly reused for a request associated with a subsequent stream on the same HTTP/2 connection. This issue can potentially lead to information leakage between requests.
History

Thu, 19 Dec 2024 16:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:jboss_enterprise_application_platform:8.0
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
References

Thu, 19 Dec 2024 15:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:jboss_enterprise_application_platform:8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
References

Tue, 17 Dec 2024 11:00:00 +0000


Mon, 16 Dec 2024 02:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:jboss_enterprise_application_platform:7.4
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9

Thu, 12 Dec 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 12 Dec 2024 13:45:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Thu, 12 Dec 2024 09:15:00 +0000

Type Values Removed Values Added
Description A flaw was found in Undertow. An HTTP request header value from a previous stream may be incorrectly reused for a request associated with a subsequent stream on the same HTTP/2 connection. This issue can potentially lead to information leakage between requests.
Title Undertow: information leakage via http/2 request header reuse
First Time appeared Redhat
Redhat build Keycloak
Redhat camel Spring Boot
Redhat integration
Redhat jboss Data Grid
Redhat jboss Enterprise Application Platform
Redhat jboss Enterprise Bpms Platform
Redhat jboss Fuse
Redhat jbosseapxp
Redhat red Hat Single Sign On
Redhat rhboac Hawtio
Weaknesses CWE-200
CPEs cpe:/a:redhat:build_keycloak:
cpe:/a:redhat:camel_spring_boot:3
cpe:/a:redhat:camel_spring_boot:4
cpe:/a:redhat:integration:1
cpe:/a:redhat:jboss_data_grid:7
cpe:/a:redhat:jboss_data_grid:8
cpe:/a:redhat:jboss_enterprise_application_platform:7
cpe:/a:redhat:jboss_enterprise_application_platform:8
cpe:/a:redhat:jboss_enterprise_bpms_platform:7
cpe:/a:redhat:jboss_fuse:7
cpe:/a:redhat:jbosseapxp
cpe:/a:redhat:red_hat_single_sign_on:7
cpe:/a:redhat:rhboac_hawtio:4
Vendors & Products Redhat
Redhat build Keycloak
Redhat camel Spring Boot
Redhat integration
Redhat jboss Data Grid
Redhat jboss Enterprise Application Platform
Redhat jboss Enterprise Bpms Platform
Redhat jboss Fuse
Redhat jbosseapxp
Redhat red Hat Single Sign On
Redhat rhboac Hawtio
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-12-12T09:04:50.299Z

Updated: 2024-12-24T03:21:46.623Z

Reserved: 2024-04-24T00:55:26.417Z

Link: CVE-2024-4109

cve-icon Vulnrichment

Updated: 2024-12-12T15:35:46.796Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-12-12T09:15:06.207

Modified: 2024-12-19T16:15:08.740

Link: CVE-2024-4109

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-12-10T16:35:00Z

Links: CVE-2024-4109 - Bugzilla