A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.
References
Configurations
Configuration 1 (hide)
|
History
12 Dec 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Nov 2024, 09:52
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Oct 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Oct 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Sep 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Sep 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Aug 2024, 17:05
Type | Values Removed | Values Added |
---|---|---|
References | () https://access.redhat.com/security/cve/CVE-2024-7885 - Vendor Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2305290 - Issue Tracking, Vendor Advisory | |
First Time |
Redhat
Redhat build Of Keycloak Redhat jboss Enterprise Application Platform Redhat integration Camel K Redhat jboss Fuse Redhat build Of Apache Camel - Hawtio Redhat data Grid Redhat process Automation Redhat build Of Apache Camel For Spring Boot Redhat single Sign-on |
|
Summary |
|
|
CPE | cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:build_of_apache_camel_for_spring_boot:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:data_grid:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_enterprise_application_platform:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:build_of_apache_camel_-_hawtio:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:* |
|
CWE | NVD-CWE-noinfo |
21 Aug 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-21 14:15
Updated : 2024-12-12 22:15
NVD link : CVE-2024-7885
Mitre link : CVE-2024-7885
CVE.ORG link : CVE-2024-7885
JSON object : View
Products Affected
redhat
- jboss_fuse
- process_automation
- single_sign-on
- build_of_apache_camel_-_hawtio
- build_of_apache_camel_for_spring_boot
- integration_camel_k
- data_grid
- build_of_keycloak
- jboss_enterprise_application_platform
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
NVD-CWE-noinfo