CVE-2024-45687 HTTP Server incorrectly accepting disallowed characters within header values

🗓️ 21 Jan 2025 16:35:43Reported by PayaraType

HTTP Server vulnerability allows header manipulation, identity spoofing in Payara Server and Micro.

Reporter	Title	Published	Views	Family All 9
IBM Security Bulletins	Security Bulletin: HTTP Request/Response Splitting via Improper CRLF Neutralization in Payara Server and Micro (Grizzly, REST Modules), affects watsonx.data	9 Sep 202515:20	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities Addressed in IBM Tivoli Network Manager IP Edition (ITNM) version 4.2 Fix Pack 23 (4.2.0.23)	2 Sep 202512:15	–	ibm
Circl	CVE-2024-45687	21 Jan 202516:42	–	circl
CNNVD	Payara Server和Payara Micro 注入漏洞	21 Jan 202500:00	–	cnnvd
CVE	CVE-2024-45687	21 Jan 202516:35	–	cve
EUVD	EUVD-2024-41751	3 Oct 202520:07	–	euvd
NVD	CVE-2024-45687	21 Jan 202517:15	–	nvd
RedhatCVE	CVE-2024-45687	23 May 202508:07	–	redhatcve
Vulnrichment	CVE-2024-45687 HTTP Server incorrectly accepting disallowed characters within header values	21 Jan 202516:35	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Grizzly",
      "REST Management Interface"
    ],
    "product": "Payara Server",
    "vendor": "Payara Platform",
    "versions": [
      {
        "lessThanOrEqual": "4.1.2.191.51",
        "status": "affected",
        "version": "4.1.151",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "5.70.0",
        "status": "affected",
        "version": "5.20.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "5.2022.5",
        "status": "affected",
        "version": "5.2020.2",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "6.2024.12",
        "status": "affected",
        "version": "6.2022.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "6.21.0",
        "status": "affected",
        "version": "6.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Grizzly"
    ],
    "product": "Payara Micro",
    "vendor": "Payara Platform",
    "versions": [
      {
        "lessThanOrEqual": "4.1.2.191.51",
        "status": "affected",
        "version": "4.1.152",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "5.70.0",
        "status": "affected",
        "version": "5.20.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "5.2022.5",
        "status": "affected",
        "version": "5.2020.2",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "6.2024.12",
        "status": "affected",
        "version": "6.2022.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "6.21.0",
        "status": "affected",
        "version": "6.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
docs	www.docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.22.0.html
docs	www.docs.payara.fish/community/docs/6.2025.1/Release%20Notes/Release%20Notes%206.2025.1.html
docs	www.docs.payara.fish/enterprise/docs/5.71.0/Release%20Notes/Release%20Notes%205.71.0.html

21 Jan 2025 16:35Current

CVSS 42.4

EPSS0.00216

CWE-113