CVE-2024-1481 Freeipa: specially crafted http requests potentially lead to denial of service

🗓️ 10 Apr 2024 20:39:31Reported by redhatType

Flaw in FreeIPA allows remote denial of service via specially crafted HTTP requests

Reporter	Title	Published	Views	Family All 57
Tenable Nessus	Amazon Linux 2 : ipa (ALAS-2024-2498)	18 Mar 202400:00	–	nessus
Tenable Nessus	Debian dla-3773 : freeipa-admintools - security update	25 Mar 202400:00	–	nessus
Tenable Nessus	Fedora 39 : freeipa (2024-826453ad39)	12 Mar 202400:00	–	nessus
Tenable Nessus	Fedora 40 : freeipa (2024-9fc8015fa9)	29 Apr 202400:00	–	nessus
Tenable Nessus	Fedora 38 : freeipa (2024-bbfef02415)	12 Mar 202400:00	–	nessus
Tenable Nessus	Fedora 41 : freeipa (2024-d7b9fbb2a5)	14 Nov 202400:00	–	nessus
Tenable Nessus	Oracle Linux 9 : ipa (ELSA-2024-2147)	6 May 202400:00	–	nessus
Tenable Nessus	Oracle Linux 8 : idm:DL1 (ELSA-2024-3044)	28 May 202400:00	–	nessus
Tenable Nessus	RHEL 9 : ipa (RHSA-2024:2147)	30 Apr 202400:00	–	nessus
Tenable Nessus	RHEL 8 : idm:DL1 (RHSA-2024:3044)	7 Nov 202400:00	–	nessus

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "4.10.1"
      }
    ],
    "packageName": "freeipa",
    "collectionURL": "https://github.com/freeipa/freeipa/",
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "idm:client",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8100020240307184541.6d180cd9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "idm:DL1",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8100020240307185118.fc00487d",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "ipa",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:4.11.0-9.el9_4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream",
      "cpe:/a:redhat:enterprise_linux:9::crb"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "ipa",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  }
]

Source	Link
access	www.access.redhat.com/errata/RHSA-2024:2147
access	www.access.redhat.com/security/cve/CVE-2024-1481
access	www.access.redhat.com/errata/RHSA-2024:3044
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

25 Feb 2026 19:31Current

5.5Medium risk

Vulners AI Score5.5

CVSS 3.15.3

EPSS0.0111

CWE-20