A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BAD_MESSAGE state. As a result, any subsequent legitimate requests on the same connection are ignored, leading to client timeouts, which may impact systems using load balancers and expose them to risk.
Metrics
Affected Vendors & Products
References
History
Wed, 09 Oct 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
threat_severity
|
threat_severity
|
Wed, 09 Oct 2024 06:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | Resteasy-netty4-cdi: resteasy-netty4: http request smuggling leading to client timeouts in resteasy-netty4 | Resteasy-netty4-cdi: resteasy-netty4: resteasy-reactor-netty: http request smuggling leading to client timeouts in resteasy-netty4 |
Tue, 08 Oct 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 08 Oct 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BAD_MESSAGE state. As a result, any subsequent legitimate requests on the same connection are ignored, leading to client timeouts, which may impact systems using load balancers and expose them to risk. |
Title | resteasy-netty4-cdi: resteasy-netty4: HTTP Request Smuggling Leading to Client Timeouts in resteasy-netty4 | Resteasy-netty4-cdi: resteasy-netty4: http request smuggling leading to client timeouts in resteasy-netty4 |
First Time appeared |
Redhat
Redhat jboss Data Grid Redhat jboss Enterprise Application Platform Redhat jbosseapxp |
|
CPEs | cpe:/a:redhat:jboss_data_grid:7 cpe:/a:redhat:jboss_enterprise_application_platform:7 cpe:/a:redhat:jboss_enterprise_application_platform:8 cpe:/a:redhat:jbosseapxp |
|
Vendors & Products |
Redhat
Redhat jboss Data Grid Redhat jboss Enterprise Application Platform Redhat jbosseapxp |
|
References |
|
Tue, 08 Oct 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | |
Title | resteasy-netty4-cdi: resteasy-netty4: HTTP Request Smuggling Leading to Client Timeouts in resteasy-netty4 | |
Weaknesses | CWE-444 | |
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-10-08T16:26:13.413Z
Updated: 2024-10-09T09:01:52.037Z
Reserved: 2024-10-08T08:48:41.620Z
Link: CVE-2024-9622
Vulnrichment
Updated: 2024-10-08T17:41:38.585Z
NVD
Status : Awaiting Analysis
Published: 2024-10-08T17:15:57.790
Modified: 2024-10-10T12:56:30.817
Link: CVE-2024-9622
Redhat