HIGH 7.5 Maven
Withdrawn Advisory: undertow: information leakage via HTTP/2 request header reuse
GHSA-22c5-cpvr-cfvq
Published ยท Modified
Description
Withdrawn Advisory
This advisory has been withdrawn because it was determined to not be a valid vulnerability. This link is maintained to preserve external references. For more information, see https://nvd.nist.gov/vuln/detail/CVE-2024-4109.
Original Description
A flaw was found in Undertow. An HTTP request header value from a previous stream may be incorrectly reused for a request associated with a subsequent stream on the same HTTP/2 connection. This issue can potentially lead to information leakage between requests.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-4109
- WEB https://access.redhat.com/errata/RHSA-2024:10927
- WEB https://access.redhat.com/errata/RHSA-2024:10928
- WEB https://access.redhat.com/errata/RHSA-2024:10929
- WEB https://access.redhat.com/errata/RHSA-2024:10933
- WEB https://access.redhat.com/errata/RHSA-2024:11559
- WEB https://access.redhat.com/errata/RHSA-2024:11560
- WEB https://access.redhat.com/errata/RHSA-2024:11570
- WEB https://access.redhat.com/security/cve/CVE-2024-4109
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=2272325
- PACKAGE https://github.com/undertow-io/undertow
- WEB https://github.com/undertow-io/undertow/blob/6ae61c6af88d2a8341922ccd0de98926e8349543/core/src/main/java/io/undertow/protocols/http2/HpackDecoder.java#L250-L259
Ready to move
Start Securing
Free, no credit card | First findings in minutes