A flaw was found in Undertow. An HTTP request header value from a previous stream may be incorrectly reused for a request associated with a subsequent stream on the same HTTP/2 connection. This issue can potentially lead to information leakage between requests.
History
Thu, 19 Dec 2024 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:jboss_enterprise_application_platform:8.0 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9 | |
References | |
Thu, 19 Dec 2024 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 | |
References | |
Tue, 17 Dec 2024 11:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | | |
References | |
Mon, 16 Dec 2024 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:jboss_enterprise_application_platform:7.4 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 |
Thu, 12 Dec 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Thu, 12 Dec 2024 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References | | |
Metrics | threat_severity | threat_severity |
Thu, 12 Dec 2024 09:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A flaw was found in Undertow. An HTTP request header value from a previous stream may be incorrectly reused for a request associated with a subsequent stream on the same HTTP/2 connection. This issue can potentially lead to information leakage between requests. | |
Title | Undertow: information leakage via http/2 request header reuse | |
First Time appeared | Redhat; Redhat build Keycloak, Redhat camel Spring Boot, Redhat integration, Redhat jboss Data Grid, Redhat jboss Enterprise Application Platform, Redhat jboss Enterprise Bpms Platform, Redhat jboss Fuse, Redhat jbosseapxp, Redhat red Hat Single Sign On, Redhat rhboac Hawtio | |
Weaknesses | CWE-200 | |
CPEs | cpe:/a:redhat:build_keycloak: cpe:/a:redhat:camel_spring_boot:3 cpe:/a:redhat:camel_spring_boot:4 cpe:/a:redhat:integration:1 cpe:/a:redhat:jboss_data_grid:7 cpe:/a:redhat:jboss_data_grid:8 cpe:/a:redhat:jboss_enterprise_application_platform:7 cpe:/a:redhat:jboss_enterprise_application_platform:8 cpe:/a:redhat:jboss_enterprise_bpms_platform:7 cpe:/a:redhat:jboss_fuse:7 cpe:/a:redhat:jbosseapxp cpe:/a:redhat:red_hat_single_sign_on:7 cpe:/a:redhat:rhboac_hawtio:4 | |
Vendors & Products | Redhat; Redhat build Keycloak, Redhat camel Spring Boot, Redhat integration, Redhat jboss Data Grid, Redhat jboss Enterprise Application Platform, Redhat jboss Enterprise Bpms Platform, Redhat jboss Fuse, Redhat jbosseapxp, Redhat red Hat Single Sign On, Redhat rhboac Hawtio | |
References | | |
Metrics | cvssV3_1 |
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-12-12T09:04:50.299Z
Updated: 2024-12-24T03:21:46.623Z
Reserved: 2024-04-24T00:55:26.417Z
Link: CVE-2024-4109
Vulnrichment
Updated: 2024-12-12T15:35:46.796Z
NVD
Status: Awaiting Analysis
Published: 2024-12-12T09:15:06.207
Modified: 2024-12-19T16:15:08.740
Link: CVE-2024-4109
Redhat