Lucene search

Veracode Vulnerability DatabaseVERACODE:47682

HistoryJun 21, 2024 - 6:40 a.m.

Denial Of Service (DoS)

2024-06-2106:40:09

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

denial of service

io.undertow

improper handling

url-encoded request paths

concurrent requests

ajp-listener

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

io.undertow: undertow-core is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of URL-encoded request paths for concurrent requests on the ajp-listener, which can cause the wrong path to be processed, potentially leading to Denial Of Service (DoS).

CPENameOperatorVersion
undertow corele2.3.13.Final
undertow corele2.3.13.Final

CPE	Name	Operator	Version
	undertow core	le	2.3.13.Final
	undertow core	le	2.3.13.Final

References

access.redhat.com/security/cve/CVE-2024-6162

bugzilla.redhat.com/show_bug.cgi?id=2293069

github.com/advisories/GHSA-9442-gm4v-r222

github.com/undertow-io/undertow/commit/90f202ada89b6d9883beed0f1fe10c99d470d9a8

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VERACODE:47682