Lucene search

[email protected]NVD:CVE-2024-6162

HistoryJun 20, 2024 - 3:15 p.m.

CVE-2024-6162

2024-06-2015:15:50

CWE-400

[email protected]

web.nvd.nist.gov

undertow

vulnerability

request path

denial of service

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON

A vulnerability was found in Undertow. URL-encoded request path information can be broken for concurrent requests on ajp-listener, causing the wrong path to be processed and resulting in a possible denial of service.

References

access.redhat.com/security/cve/CVE-2024-6162

bugzilla.redhat.com/show_bug.cgi?id=2293069

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for NVD:CVE-2024-6162

github1 osv1 ubuntucve1 veracode1 redhatcve1 cvelist1 debiancve1 vulnrichment1 cve1