    4 vulnerabilities found for Red Hat build of Apache Camel 3.20.7 for Spring Boot by Red Hat

    CVE-2024-7885 (GCVE-0-2024-7885)

    Vulnerability from nvd – Published: 2024-08-21 14:13 – Updated: 2026-01-19 03:51
    Title
    Undertow: improper state management in proxy protocol parsing causes information leakage
    Summary
    A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.
    SSVC (CISA Coordinator, v2.0.3)
    Exploitation: none; Automatable: no; Technical Impact: partial
    CWE
    • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    Assigner
    References
    URL | Tags
    https://access.redhat.com/errata/RHSA-2024:11023 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6508 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6883 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:7441 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:7442 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:7735 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:7736 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:8080 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:16667 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0743 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-7885 | vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2305290 | issue-tracking, x_refsource_REDHAT
    https://security.netapp.com/advisory/ntap-2024101…
    Impacted products
    Vendor | Product | Version | CPE
    - | undertow (https://github.com/undertow-io/undertow) | Affected: 0 , < 2.2.36.Final (custom) | -
    - | undertow (https://github.com/undertow-io/undertow) | Affected: 2.3.0.Alpha1 , < 2.3.17.Final (custom) | -
    Red Hat | HawtIO 4.0.0 for Red Hat build of Apache Camel 4 | - | cpe:/a:redhat:rhboac_hawtio:4.0.0
    Red Hat | Red Hat build of Apache Camel 3.20.7 for Spring Boot | - | cpe:/a:redhat:apache_camel_spring_boot:3.20.7
    Red Hat | Red Hat build of Apache Camel 4.4.2 for Spring Boot | - | cpe:/a:redhat:apache_camel_spring_boot:4.4.2
    Red Hat | Red Hat JBoss Enterprise Application Platform 7 | - | cpe:/a:redhat:jboss_enterprise_application_platform:7.4
    Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | Unaffected: 0:1.11.0-1.redhat_00001.1.el7eap , < * (rpm) | cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | Unaffected: 0:2.4.11-1.Final_redhat_00001.1.el7eap , < * (rpm) | cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | Unaffected: 0:1.7.2-19.Final_redhat_00020.1.el7eap , < * (rpm) | cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | Unaffected: 0:2.0.41-5.SP6_redhat_00001.1.el7eap , < * (rpm) | cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | Unaffected: 0:7.3.15-5.GA_redhat_00003.1.el7eap , < * (rpm) | cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | Unaffected: 0:2.10.4-4.redhat_00008.1.el7eap , < * (rpm) | cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | Unaffected: 0:2.10.4-6.redhat_00008.1.el7eap , < * (rpm) | cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | Unaffected: 0:2.10.4-3.redhat_00008.1.el7eap , < * (rpm) | cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | Unaffected: 0:1.7.2-20.Final_redhat_00021.1.el7eap , < * (rpm) | cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | Unaffected: 0:4.1.63-6.Final_redhat_00004.1.el7eap , < * (rpm) | cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | Unaffected: 0:2.0.41-6.SP7_redhat_00001.1.el7eap , < * (rpm) | cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | Unaffected: 0:7.3.16-3.GA_redhat_00003.1.el7eap , < * (rpm) | cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | Unaffected: 0:2.2.33-2.SP2_redhat_00001.1.el8eap , < * (rpm) | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9; cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8; cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
    Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | Unaffected: 0:7.4.18-1.GA_redhat_00003.1.el8eap , < * (rpm) | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9; cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8; cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
    Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 | Unaffected: 0:2.2.33-2.SP2_redhat_00001.1.el9eap , < * (rpm) | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9; cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8; cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
    Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 | Unaffected: 0:7.4.18-1.GA_redhat_00003.1.el9eap , < * (rpm) | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9; cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8; cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
    Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 | Unaffected: 0:2.2.33-2.SP2_redhat_00001.1.el7eap , < * (rpm) | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9; cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8; cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
    Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 | Unaffected: 0:7.4.18-1.GA_redhat_00003.1.el7eap , < * (rpm) | cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9; cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8; cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
    Red Hat | Red Hat JBoss Enterprise Application Platform 8 | - | cpe:/a:redhat:jboss_enterprise_application_platform:8.0
    Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | Unaffected: 0:1.11.9-2.redhat_00001.1.el8eap , < * (rpm) | cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8; cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | Unaffected: 0:800.3.1-2.GA_redhat_00002.1.el8eap , < * (rpm) | cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8; cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | Unaffected: 0:2.3.14-2.SP2_redhat_00001.1.el8eap , < * (rpm) | cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8; cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | Unaffected: 0:8.0.3-13.GA_redhat_00007.1.el8eap , < * (rpm) | cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8; cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | Unaffected: 0:1.11.9-2.redhat_00001.1.el9eap , < * (rpm) | cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8; cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | Unaffected: 0:800.3.1-2.GA_redhat_00002.1.el9eap , < * (rpm) | cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8; cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | Unaffected: 0:2.3.14-2.SP2_redhat_00001.1.el9eap , < * (rpm) | cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8; cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | Unaffected: 0:8.0.3-13.GA_redhat_00007.1.el9eap , < * (rpm) | cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8; cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Red Hat | Red Hat build of Apache Camel for Spring Boot 3 | - | cpe:/a:redhat:camel_spring_boot:3
    Red Hat | Red Hat build of Apache Camel - HawtIO 4 | - | cpe:/a:redhat:apache_camel_hawtio:4
    Red Hat | Red Hat Build of Keycloak | - | cpe:/a:redhat:build_keycloak:
    Red Hat | Red Hat build of Quarkus | - | cpe:/a:redhat:quarkus:3
    Red Hat | Red Hat Data Grid 8 | - | cpe:/a:redhat:jboss_data_grid:8
    Red Hat | Red Hat Fuse 7 | - | cpe:/a:redhat:jboss_fuse:7
    Red Hat | Red Hat Integration Camel K 1 | - | cpe:/a:redhat:integration:1
    Red Hat | Red Hat JBoss Data Grid 7 | - | cpe:/a:redhat:jboss_data_grid:7
    Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack | - | cpe:/a:redhat:jbosseapxp
    Red Hat | Red Hat Process Automation 7 | - | cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Red Hat | Red Hat Single Sign-On 7 | - | cpe:/a:redhat:red_hat_single_sign_on:7
    Date Public
    2024-08-07 00:00
    Credits
    Red Hat would like to thank BfC for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7885",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-21T15:21:22.416004Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-21T15:21:42.735Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-10-11T22:03:18.905Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20241011-0004/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/undertow-io/undertow",
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "versions": [
                {
                  "lessThan": "2.2.36.Final",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.3.17.Final",
                  "status": "affected",
                  "version": "2.3.0.Alpha1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhboac_hawtio:4.0.0"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "HawtIO 4.0.0 for Red Hat build of Apache Camel 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_spring_boot:3.20.7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel 3.20.7 for Spring Boot",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_spring_boot:4.4.2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel 4.4.2 for Spring Boot",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
              ],
              "defaultStatus": "unaffected",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
              ],
              "defaultStatus": "unaffected",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-apache-commons-beanutils",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.11.0-1.redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-hornetq",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.4.11-1.Final_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-jboss-server-migration",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.7.2-19.Final_redhat_00020.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.41-5.SP6_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.3.15-5.GA_redhat_00003.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-jackson-annotations",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.10.4-4.redhat_00008.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-jackson-core",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.10.4-4.redhat_00008.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-jackson-databind",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.10.4-6.redhat_00008.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-jackson-jaxrs-providers",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.10.4-4.redhat_00008.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-jackson-modules-base",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.10.4-6.redhat_00008.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-jackson-modules-java8",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.10.4-3.redhat_00008.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-jboss-server-migration",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.7.2-20.Final_redhat_00021.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-netty",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.63-6.Final_redhat_00004.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.41-6.SP7_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.3.16-3.GA_redhat_00003.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.33-2.SP2_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.18-1.GA_redhat_00003.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.33-2.SP2_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.18-1.GA_redhat_00003.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.33-2.SP2_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.18-1.GA_redhat_00003.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-amazon-ion-java",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.11.9-2.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:800.3.1-2.GA_redhat_00002.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.14-2.SP2_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.0.3-13.GA_redhat_00007.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-amazon-ion-java",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.11.9-2.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:800.3.1-2.GA_redhat_00002.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.14-2.SP2_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.0.3-13.GA_redhat_00007.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_spring_boot:3"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel for Spring Boot 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_hawtio:4"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel - HawtIO 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quarkus:3"
              ],
              "defaultStatus": "unaffected",
              "packageName": "io.quarkus/quarkus-undertow",
              "product": "Red Hat build of Quarkus",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:integration:1"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Integration Camel K 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat JBoss Data Grid 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank BfC for reporting this issue."
            }
          ],
          "datePublic": "2024-08-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-362",
                  "description": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-19T03:51:37.166Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:11023",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:11023"
            },
            {
              "name": "RHSA-2024:6508",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6508"
            },
            {
              "name": "RHSA-2024:6883",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6883"
            },
            {
              "name": "RHSA-2024:7441",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:7441"
            },
            {
              "name": "RHSA-2024:7442",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:7442"
            },
            {
              "name": "RHSA-2024:7735",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:7735"
            },
            {
              "name": "RHSA-2024:7736",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:7736"
            },
            {
              "name": "RHSA-2024:8080",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:8080"
            },
            {
              "name": "RHSA-2025:16667",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:16667"
            },
            {
              "name": "RHSA-2026:0743",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0743"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-7885"
            },
            {
              "name": "RHBZ#2305290",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305290"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-08-16T09:00:41.686Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-08-07T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Undertow: improper state management in proxy protocol parsing causes information leakage",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-7885",
        "datePublished": "2024-08-21T14:13:36.579Z",
        "dateReserved": "2024-08-16T15:35:47.357Z",
        "dateUpdated": "2026-01-19T03:51:37.166Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-5971 (GCVE-0-2024-5971)

    Vulnerability from nvd – Published: 2024-07-08 20:51 – Updated: 2025-11-07 20:40
    Title
    Undertow: response write hangs in case of java 17 tlsv1.3 newsessionticket
    Summary
    A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL    Tags
    https://access.redhat.com/errata/RHSA-2024:4392    vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4884    vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:5143    vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:5144    vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:5145    vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:5147    vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6508    vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6883    vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-5971    vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2292211    issue-tracking, x_refsource_REDHAT
    https://security.netapp.com/advisory/ntap-2024082…
    Impacted products
    Vendor    Product    Version    CPE
        Affected: 0 , < 2.2.34.Final (custom)
        Affected: 2.3.0.Alpha1 , < 2.3.15.Final (custom)
    Red Hat    Red Hat build of Apache Camel 3.20.7 for Spring Boot        cpe:/a:redhat:apache_camel_spring_boot:3.20.7
    Red Hat    Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2        cpe:/a:redhat:apache_camel_spring_boot:4.4::el6
    Red Hat    Red Hat build of Apache Camel 4.4.2 for Spring Boot        cpe:/a:redhat:apache_camel_spring_boot:4.4.2
    Red Hat    Red Hat JBoss Enterprise Application Platform 7        cpe:/a:redhat:jboss_enterprise_application_platform:7.4
    Red Hat    Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8    Unaffected: 0:2.2.33-1.SP1_redhat_00001.1.el8eap , < * (rpm)    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
    Red Hat    Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9    Unaffected: 0:2.2.33-1.SP1_redhat_00001.1.el9eap , < * (rpm)    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
    Red Hat    Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7    Unaffected: 0:2.2.33-1.SP1_redhat_00001.1.el7eap , < * (rpm)    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
    Red Hat    Red Hat JBoss Enterprise Application Platform 8        cpe:/a:redhat:jboss_enterprise_application_platform:8.0
    Red Hat    Red Hat build of Apache Camel for Spring Boot 3        cpe:/a:redhat:camel_spring_boot:3
    Red Hat    Red Hat build of Apache Camel - HawtIO 4        cpe:/a:redhat:apache_camel_hawtio:4
    Red Hat    Red Hat Build of Keycloak        cpe:/a:redhat:build_keycloak:
    Red Hat    Red Hat build of Quarkus        cpe:/a:redhat:quarkus:3
    Red Hat    Red Hat Data Grid 8        cpe:/a:redhat:jboss_data_grid:8
    Red Hat    Red Hat Fuse 7        cpe:/a:redhat:jboss_fuse:7
    Red Hat    Red Hat Integration Camel K 1        cpe:/a:redhat:integration:1
    Red Hat    Red Hat JBoss Data Grid 7        cpe:/a:redhat:jboss_data_grid:7
    Red Hat    Red Hat JBoss Enterprise Application Platform 7        cpe:/a:redhat:jboss_enterprise_application_platform:7
    Red Hat    Red Hat JBoss Enterprise Application Platform Expansion Pack        cpe:/a:redhat:jbosseapxp
    Red Hat    Red Hat Process Automation 7        cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Red Hat    Red Hat Single Sign-On 7        cpe:/a:redhat:red_hat_single_sign_on:7
    Date Public
    2024-07-08 20:46

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5971",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-09T14:48:10.532625Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-09T14:48:19.006Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-28T15:02:51.331Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:4392",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4392"
              },
              {
                "name": "RHSA-2024:4884",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4884"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-5971"
              },
              {
                "name": "RHBZ#2292211",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292211"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20240828-0001/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/undertow-io/undertow",
              "packageName": "undertow",
              "versions": [
                {
                  "lessThan": "2.2.34.Final",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.3.15.Final",
                  "status": "affected",
                  "version": "2.3.0.Alpha1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_spring_boot:3.20.7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel 3.20.7 for Spring Boot",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_spring_boot:4.4::el6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_spring_boot:4.4.2"
              ],
              "defaultStatus": "unaffected",
              "product": "Red Hat build of Apache Camel 4.4.2 for Spring Boot",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
              ],
              "defaultStatus": "unaffected",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.33-1.SP1_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.33-1.SP1_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.33-1.SP1_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_spring_boot:3"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel for Spring Boot 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_hawtio:4"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel - HawtIO 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quarkus:3"
              ],
              "defaultStatus": "unaffected",
              "packageName": "io.quarkus/quarkus-undertow",
              "product": "Red Hat build of Quarkus",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:integration:1"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Integration Camel K 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat JBoss Data Grid 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-07-08T20:46:55.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\\r\\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "Uncontrolled Recursion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-07T20:40:28.397Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:4392",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4392"
            },
            {
              "name": "RHSA-2024:4884",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4884"
            },
            {
              "name": "RHSA-2024:5143",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:5143"
            },
            {
              "name": "RHSA-2024:5144",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:5144"
            },
            {
              "name": "RHSA-2024:5145",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:5145"
            },
            {
              "name": "RHSA-2024:5147",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:5147"
            },
            {
              "name": "RHSA-2024:6508",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6508"
            },
            {
              "name": "RHSA-2024:6883",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6883"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-5971"
            },
            {
              "name": "RHBZ#2292211",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292211"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-06-13T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-07-08T20:46:55.000Z",
              "value": "Made public."
            }
          ],
          "title": "Undertow: response write hangs in case of java 17 tlsv1.3 newsessionticket",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_redhatCweChain": "CWE-674: Uncontrolled Recursion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-5971",
        "datePublished": "2024-07-08T20:51:29.223Z",
        "dateReserved": "2024-06-13T13:50:13.855Z",
        "dateUpdated": "2025-11-07T20:40:28.397Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-7885 (GCVE-0-2024-7885)

    Vulnerability from cvelistv5 – Published: 2024-08-21 14:13 – Updated: 2026-01-19 03:51
    VLAI
    Title
    Undertow: improper state management in proxy protocol parsing causes information leakage
    Summary
    A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:11023 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6508 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6883 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:7441 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:7442 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:7735 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:7736 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:8080 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:16667 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0743 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-7885 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2305290 issue-trackingx_refsource_REDHAT
    https://security.netapp.com/advisory/ntap-2024101…
    Impacted products
    Vendor Product Version
    Affected: 0 , < 2.2.36.Final (custom)
    Affected: 2.3.0.Alpha1 , < 2.3.17.Final (custom)
    Red Hat HawtIO 4.0.0 for Red Hat build of Apache Camel 4     cpe:/a:redhat:rhboac_hawtio:4.0.0
    Red Hat Red Hat build of Apache Camel 3.20.7 for Spring Boot     cpe:/a:redhat:apache_camel_spring_boot:3.20.7
    Red Hat Red Hat build of Apache Camel 4.4.2 for Spring Boot     cpe:/a:redhat:apache_camel_spring_boot:4.4.2
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7.4
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:1.11.0-1.redhat_00001.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:2.4.11-1.Final_redhat_00001.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:1.7.2-19.Final_redhat_00020.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:2.0.41-5.SP6_redhat_00001.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:7.3.15-5.GA_redhat_00003.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:2.10.4-4.redhat_00008.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:2.10.4-6.redhat_00008.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:2.10.4-3.redhat_00008.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:1.7.2-20.Final_redhat_00021.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:4.1.63-6.Final_redhat_00004.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:2.0.41-6.SP7_redhat_00001.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:7.3.16-3.GA_redhat_00003.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:2.2.33-2.SP2_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:7.4.18-1.GA_redhat_00003.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:2.2.33-2.SP2_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:7.4.18-1.GA_redhat_00003.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:2.2.33-2.SP2_redhat_00001.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:7.4.18-1.GA_redhat_00003.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8.0
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.11.9-2.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:800.3.1-2.GA_redhat_00002.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.3.14-2.SP2_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:8.0.3-13.GA_redhat_00007.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.11.9-2.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:800.3.1-2.GA_redhat_00002.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.3.14-2.SP2_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:8.0.3-13.GA_redhat_00007.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Red Hat Red Hat build of Apache Camel for Spring Boot 3     cpe:/a:redhat:camel_spring_boot:3
    Red Hat Red Hat build of Apache Camel - HawtIO 4     cpe:/a:redhat:apache_camel_hawtio:4
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
    Red Hat Red Hat build of Quarkus     cpe:/a:redhat:quarkus:3
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Red Hat Red Hat Integration Camel K 1     cpe:/a:redhat:integration:1
    Red Hat Red Hat JBoss Data Grid 7     cpe:/a:redhat:jboss_data_grid:7
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Date Public
    2024-08-07 00:00
    Credits
    Red Hat would like to thank BfC for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7885",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-21T15:21:22.416004Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-21T15:21:42.735Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-10-11T22:03:18.905Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20241011-0004/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/undertow-io/undertow",
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "versions": [
                {
                  "lessThan": "2.2.36.Final",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.3.17.Final",
                  "status": "affected",
                  "version": "2.3.0.Alpha1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhboac_hawtio:4.0.0"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "HawtIO 4.0.0 for Red Hat build of Apache Camel 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_spring_boot:3.20.7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel 3.20.7 for Spring Boot",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_spring_boot:4.4.2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel 4.4.2 for Spring Boot",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
              ],
              "defaultStatus": "unaffected",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
              ],
              "defaultStatus": "unaffected",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-apache-commons-beanutils",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.11.0-1.redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-hornetq",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.4.11-1.Final_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-jboss-server-migration",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.7.2-19.Final_redhat_00020.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.41-5.SP6_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.3.15-5.GA_redhat_00003.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-jackson-annotations",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.10.4-4.redhat_00008.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-jackson-core",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.10.4-4.redhat_00008.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-jackson-databind",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.10.4-6.redhat_00008.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-jackson-jaxrs-providers",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.10.4-4.redhat_00008.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-jackson-modules-base",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.10.4-6.redhat_00008.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-jackson-modules-java8",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.10.4-3.redhat_00008.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-jboss-server-migration",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.7.2-20.Final_redhat_00021.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-netty",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.63-6.Final_redhat_00004.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.41-6.SP7_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.3.16-3.GA_redhat_00003.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.33-2.SP2_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.18-1.GA_redhat_00003.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.33-2.SP2_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.18-1.GA_redhat_00003.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.33-2.SP2_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.18-1.GA_redhat_00003.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-amazon-ion-java",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.11.9-2.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:800.3.1-2.GA_redhat_00002.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.14-2.SP2_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.0.3-13.GA_redhat_00007.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-amazon-ion-java",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.11.9-2.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:800.3.1-2.GA_redhat_00002.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.14-2.SP2_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.0.3-13.GA_redhat_00007.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_spring_boot:3"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel for Spring Boot 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_hawtio:4"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel - HawtIO 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quarkus:3"
              ],
              "defaultStatus": "unaffected",
              "packageName": "io.quarkus/quarkus-undertow",
              "product": "Red Hat build of Quarkus",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:integration:1"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Integration Camel K 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat JBoss Data Grid 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank BfC for reporting this issue."
            }
          ],
          "datePublic": "2024-08-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-362",
                  "description": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-19T03:51:37.166Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:11023",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:11023"
            },
            {
              "name": "RHSA-2024:6508",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6508"
            },
            {
              "name": "RHSA-2024:6883",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6883"
            },
            {
              "name": "RHSA-2024:7441",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:7441"
            },
            {
              "name": "RHSA-2024:7442",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:7442"
            },
            {
              "name": "RHSA-2024:7735",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:7735"
            },
            {
              "name": "RHSA-2024:7736",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:7736"
            },
            {
              "name": "RHSA-2024:8080",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:8080"
            },
            {
              "name": "RHSA-2025:16667",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:16667"
            },
            {
              "name": "RHSA-2026:0743",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0743"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-7885"
            },
            {
              "name": "RHBZ#2305290",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305290"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-08-16T09:00:41.686Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-08-07T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Undertow: improper state management in proxy protocol parsing causes information leakage",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-7885",
        "datePublished": "2024-08-21T14:13:36.579Z",
        "dateReserved": "2024-08-16T15:35:47.357Z",
        "dateUpdated": "2026-01-19T03:51:37.166Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
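The CVE-2024-7885 description above says the proxy-protocol read listener kept one StringBuilder for its whole lifetime, so a header from one connection could leave state behind for the next. The model below is an added example, not Undertow's ProxyProtocolReadListener: it keeps the PROXY protocol v1 line grammar from the HAProxy specification (`PROXY` SP `TCP4`|`TCP6` SP src SP dst SP srcport SP dstport CRLF, or `PROXY UNKNOWN` with no addresses), but the two listener classes, the Python list standing in for the reused StringBuilder, the `ProxyInfo` result object and the sample headers are all constructed here. It shows both outcomes the advisory names: a later connection reported with an earlier connection's source address, and a parse error (connection termination) when residue from a truncated header is prepended to the next one.

```python
"""Shared-parse-state bug pattern vs. per-connection state (PROXY protocol v1).
Added example; the listener classes and sample headers are constructed here and
are not Undertow code."""
from dataclasses import dataclass
from typing import List, Optional

MAX_V1_LINE = 107  # spec: longest possible v1 line including CRLF


class ProxyHeaderError(ValueError):
    """Unparseable header; a server would close the connection."""


@dataclass
class ProxyInfo:
    proto: str = "UNKNOWN"
    src: Optional[str] = None
    dst: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None


def _port(text: str) -> int:
    if not text.isdigit() or not 0 <= int(text) <= 65535:
        raise ProxyHeaderError(f"bad port {text!r}")
    return int(text)


def _accumulate(buf: List[str], data: bytes) -> str:
    """Append chars to buf until CRLF and return the line without CRLF.
    On an incomplete header the partial line is left in buf on purpose: that
    is the residue a listener-wide buffer carries over to the next connection."""
    for ch in data.decode("ascii"):
        buf.append(ch)
        if len(buf) > MAX_V1_LINE:
            raise ProxyHeaderError("v1 header too long")
        if len(buf) >= 2 and buf[-2] == "\r" and buf[-1] == "\n":
            line = "".join(buf[:-2])
            del buf[:]
            return line
    raise ProxyHeaderError("incomplete header")


def _fill(info: ProxyInfo, line: str) -> ProxyInfo:
    """Parse one complete v1 line into `info`, assigning fields one by one."""
    parts = line.split(" ")
    if parts[0] != "PROXY":
        raise ProxyHeaderError(f"not a PROXY line: {line!r}")
    if len(parts) >= 2 and parts[1] == "UNKNOWN":
        # UNKNOWN carries no addresses; nothing else is written, so whatever
        # `info` already held stays in place.
        info.proto = "UNKNOWN"
        return info
    if len(parts) != 6 or parts[1] not in ("TCP4", "TCP6"):
        raise ProxyHeaderError(f"malformed PROXY line: {line!r}")
    info.proto, info.src, info.dst = parts[1], parts[2], parts[3]
    info.src_port, info.dst_port = _port(parts[4]), _port(parts[5])
    return info


class SharedStateListener:
    """Bug pattern: buffer and result object belong to the listener and are
    reused for every connection it handles."""

    def __init__(self) -> None:
        self._buf: List[str] = []   # stands in for the reused StringBuilder
        self._info = ProxyInfo()    # parsed values, also reused

    def read(self, data: bytes) -> ProxyInfo:
        return _fill(self._info, _accumulate(self._buf, data))


class PerConnectionListener:
    """Fix pattern: every header parse starts from a fresh buffer and result."""

    def read(self, data: bytes) -> ProxyInfo:
        return _fill(ProxyInfo(), _accumulate([], data))


# Constructed sample headers for successive connections on one listener.
CONN_A = b"PROXY TCP4 203.0.113.5 10.0.0.2 51234 443\r\n"
CONN_B = b"PROXY UNKNOWN\r\n"                            # legal: no address known
CONN_TRUNCATED = b"PROXY TCP4 203.0.113.5 10.0.0.2 512"  # peer vanished mid-line


def leak_with_shared_state() -> ProxyInfo:
    """Connection B is reported with connection A's source address."""
    listener = SharedStateListener()
    listener.read(CONN_A)
    return listener.read(CONN_B)


def no_leak_per_connection() -> ProxyInfo:
    listener = PerConnectionListener()
    listener.read(CONN_A)
    return listener.read(CONN_B)


def error_after_truncated_header() -> str:
    """Residue from a truncated header corrupts the next connection's line,
    which the shared-state listener then rejects (connection termination)."""
    listener = SharedStateListener()
    try:
        listener.read(CONN_TRUNCATED)
    except ProxyHeaderError:
        pass                                   # partial line stays in the buffer
    try:
        listener.read(CONN_A)
        return "accepted"
    except ProxyHeaderError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    print("shared state    :", leak_with_shared_state())
    print("per connection  :", no_leak_per_connection())
    print("after truncation:", error_after_truncated_header())
```

The per-connection variant is the shape of fix a reviewer should look for when auditing any read listener that is shared across connections: every mutable piece of parse state (buffer, field index, partially built result) must be scoped to the connection or the single parse, never to the listener object.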

    CVE-2024-5971 (GCVE-0-2024-5971)

    Vulnerability from cvelistv5 – Published: 2024-07-08 20:51 – Updated: 2025-11-07 20:40
    Title
    Undertow: response write hangs in case of java 17 tlsv1.3 newsessionticket
    Summary
    A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.
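    The summary above describes a server that flushes the headers and body but never sends the terminating zero-length chunk, so a client that waits for it blocks indefinitely. The reader below is an added example, not Undertow or any client library's code: it decodes RFC 9112 chunked framing, reports a body as complete only once `0\r\n` and the closing empty line have been seen, and bounds the wait with an idle timeout and a size cap so a hung peer costs a bounded amount of time and memory rather than a thread forever. The sample bodies and the socketpair standing in for the hung server are constructed here.

```python
"""Chunked transfer-coding reader that distinguishes a complete body from one
whose last-chunk never arrived. Added example; sample bodies and the socketpair
stand-in for a hung server are constructed here, not captured from Undertow."""
import re
import socket
from dataclasses import dataclass

_HEX = re.compile(rb"[0-9A-Fa-f]{1,16}")


class ChunkedError(ValueError):
    """Malformed chunk framing (as opposed to merely incomplete input)."""


@dataclass
class ChunkedResult:
    body: bytes
    complete: bool   # True only after "0\r\n" and the final empty line
    consumed: int    # bytes of input used for whole chunks


def decode_chunked(data: bytes) -> ChunkedResult:
    """Decode an RFC 9112 chunked body (everything after the header block).
    Returns complete=False when the input ends before the last-chunk, rather
    than treating a flushed-but-unterminated body as finished."""
    pos, out = 0, bytearray()
    while True:
        eol = data.find(b"\r\n", pos)
        if eol < 0:
            return ChunkedResult(bytes(out), False, pos)   # size line not here yet
        size_field = data[pos:eol].split(b";", 1)[0].strip()  # drop chunk-ext
        if not _HEX.fullmatch(size_field):
            raise ChunkedError(f"bad chunk size {size_field!r}")
        size = int(size_field, 16)
        if size == 0:
            # last-chunk, then optional trailer fields, then an empty line
            end = data.find(b"\r\n\r\n", eol)
            if end < 0:
                return ChunkedResult(bytes(out), False, pos)
            return ChunkedResult(bytes(out), True, end + 4)
        start, stop = eol + 2, eol + 2 + size
        if len(data) < stop + 2:
            return ChunkedResult(bytes(out), False, pos)   # chunk data cut off
        if data[stop:stop + 2] != b"\r\n":
            raise ChunkedError("chunk data not followed by CRLF")
        out += data[start:stop]
        pos = stop + 2


def recv_chunked_body(sock: socket.socket, idle_timeout: float,
                      max_bytes: int = 1 << 20) -> ChunkedResult:
    """Read a chunked body from `sock`, bounding the wait by an idle timeout and
    a size cap instead of blocking until a last-chunk that may never come."""
    sock.settimeout(idle_timeout)
    buf = bytearray()
    while len(buf) <= max_bytes:
        try:
            piece = sock.recv(4096)
        except socket.timeout:
            break                      # peer went quiet: treat as truncated
        if not piece:
            break                      # peer closed without a last-chunk
        buf += piece
        result = decode_chunked(bytes(buf))
        if result.complete:
            return result
    return decode_chunked(bytes(buf))


# Constructed sample bodies (header block already consumed by the caller).
COMPLETE = b"5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n"
UNTERMINATED = b"5\r\nhello\r\n6\r\n world\r\n"   # body flushed, last-chunk missing


def read_from_hung_server(idle_timeout: float = 0.2) -> ChunkedResult:
    """Simulate a server that flushes the body but never sends the last-chunk."""
    server, client = socket.socketpair()
    try:
        server.sendall(UNTERMINATED)
        return recv_chunked_body(client, idle_timeout)
    finally:
        server.close()
        client.close()


if __name__ == "__main__":
    print(decode_chunked(COMPLETE))
    print(read_from_hung_server())
```

    The `complete` flag is the check a practitioner wants on the client side: a body whose bytes all arrived but whose last-chunk did not should be logged and retried or failed, not silently accepted, and on the server side the same decoder run against captured responses will show whether the `0\r\n\r\n` terminator is actually being written.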
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL                                                      Tags
    https://access.redhat.com/errata/RHSA-2024:4392          vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4884          vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:5143          vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:5144          vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:5145          vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:5147          vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6508          vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6883          vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-5971     vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2292211      issue-tracking, x_refsource_REDHAT
    https://security.netapp.com/advisory/ntap-2024082…
    Impacted products
    Vendor    Product    Version / status    CPE or source
    Upstream    undertow    Affected: 0 , < 2.2.34.Final (custom)    https://github.com/undertow-io/undertow
    Upstream    undertow    Affected: 2.3.0.Alpha1 , < 2.3.15.Final (custom)    https://github.com/undertow-io/undertow
    Red Hat    Red Hat build of Apache Camel 3.20.7 for Spring Boot    default status: unaffected    cpe:/a:redhat:apache_camel_spring_boot:3.20.7
    Red Hat    Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2    default status: unaffected    cpe:/a:redhat:apache_camel_spring_boot:4.4::el6
    Red Hat    Red Hat build of Apache Camel 4.4.2 for Spring Boot    default status: unaffected    cpe:/a:redhat:apache_camel_spring_boot:4.4.2
    Red Hat    Red Hat JBoss Enterprise Application Platform 7    default status: unaffected    cpe:/a:redhat:jboss_enterprise_application_platform:7.4
    Red Hat    Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8    Unaffected: 0:2.2.33-1.SP1_redhat_00001.1.el8eap , < * (rpm); default status: affected    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
    Red Hat    Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9    Unaffected: 0:2.2.33-1.SP1_redhat_00001.1.el9eap , < * (rpm); default status: affected    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
    Red Hat    Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7    Unaffected: 0:2.2.33-1.SP1_redhat_00001.1.el7eap , < * (rpm); default status: affected    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
    Red Hat    Red Hat JBoss Enterprise Application Platform 8    default status: unaffected    cpe:/a:redhat:jboss_enterprise_application_platform:8.0
    Red Hat    Red Hat build of Apache Camel for Spring Boot 3    default status: affected (no fixed version listed)    cpe:/a:redhat:camel_spring_boot:3
    Red Hat    Red Hat build of Apache Camel - HawtIO 4    default status: affected (no fixed version listed)    cpe:/a:redhat:apache_camel_hawtio:4
    Red Hat    Red Hat Build of Keycloak    default status: unaffected    cpe:/a:redhat:build_keycloak:
    Red Hat    Red Hat build of Quarkus    default status: unaffected    cpe:/a:redhat:quarkus:3
    Red Hat    Red Hat Data Grid 8    default status: unaffected    cpe:/a:redhat:jboss_data_grid:8
    Red Hat    Red Hat Fuse 7    default status: affected (no fixed version listed)    cpe:/a:redhat:jboss_fuse:7
    Red Hat    Red Hat Integration Camel K 1    default status: affected (no fixed version listed)    cpe:/a:redhat:integration:1
    Red Hat    Red Hat JBoss Data Grid 7    default status: unknown    cpe:/a:redhat:jboss_data_grid:7
    Red Hat    Red Hat JBoss Enterprise Application Platform 7    default status: unaffected    cpe:/a:redhat:jboss_enterprise_application_platform:7
    Red Hat    Red Hat JBoss Enterprise Application Platform Expansion Pack    default status: unaffected    cpe:/a:redhat:jbosseapxp
    Red Hat    Red Hat Process Automation 7    default status: unknown    cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Red Hat    Red Hat Single Sign-On 7    default status: unaffected    cpe:/a:redhat:red_hat_single_sign_on:7
    Date Public
    2024-07-08 20:46

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5971",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-09T14:48:10.532625Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-09T14:48:19.006Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-28T15:02:51.331Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:4392",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4392"
              },
              {
                "name": "RHSA-2024:4884",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4884"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-5971"
              },
              {
                "name": "RHBZ#2292211",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292211"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20240828-0001/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/undertow-io/undertow",
              "packageName": "undertow",
              "versions": [
                {
                  "lessThan": "2.2.34.Final",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.3.15.Final",
                  "status": "affected",
                  "version": "2.3.0.Alpha1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_spring_boot:3.20.7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel 3.20.7 for Spring Boot",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_spring_boot:4.4::el6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_spring_boot:4.4.2"
              ],
              "defaultStatus": "unaffected",
              "product": "Red Hat build of Apache Camel 4.4.2 for Spring Boot",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
              ],
              "defaultStatus": "unaffected",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.33-1.SP1_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.33-1.SP1_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.33-1.SP1_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_spring_boot:3"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel for Spring Boot 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_hawtio:4"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel - HawtIO 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quarkus:3"
              ],
              "defaultStatus": "unaffected",
              "packageName": "io.quarkus/quarkus-undertow",
              "product": "Red Hat build of Quarkus",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:integration:1"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Integration Camel K 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat JBoss Data Grid 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-07-08T20:46:55.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\\r\\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "Uncontrolled Recursion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-07T20:40:28.397Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:4392",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4392"
            },
            {
              "name": "RHSA-2024:4884",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4884"
            },
            {
              "name": "RHSA-2024:5143",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:5143"
            },
            {
              "name": "RHSA-2024:5144",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:5144"
            },
            {
              "name": "RHSA-2024:5145",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:5145"
            },
            {
              "name": "RHSA-2024:5147",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:5147"
            },
            {
              "name": "RHSA-2024:6508",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6508"
            },
            {
              "name": "RHSA-2024:6883",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6883"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-5971"
            },
            {
              "name": "RHBZ#2292211",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292211"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-06-13T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-07-08T20:46:55.000Z",
              "value": "Made public."
            }
          ],
          "title": "Undertow: response write hangs in case of java 17 tlsv1.3 newsessionticket",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_redhatCweChain": "CWE-674: Uncontrolled Recursion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-5971",
        "datePublished": "2024-07-08T20:51:29.223Z",
        "dateReserved": "2024-06-13T13:50:13.855Z",
        "dateUpdated": "2025-11-07T20:40:28.397Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }