Lucene search

Redhat.comRH:CVE-2024-6162

HistoryJun 20, 2024 - 2:27 p.m.

CVE-2024-6162

2024-06-2014:27:57

redhat.com

access.redhat.com

undertow

vulnerability

url-encoded

request

path

ajp-listener

denial of service

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

A vulnerability was found in Undertow. URL-encoded request path information can be broken for concurrent requests on ajp-listener, causing the wrong path to be processed and resulting in a possible denial of service.

References

bugzilla.redhat.com/show_bug.cgi?id=2293069

nvd.nist.gov/vuln/detail/CVE-2024-6162

www.cve.org/CVERecord?id=CVE-2024-6162

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for RH:CVE-2024-6162