{"uuid": "0629f365-5228-4fab-9b16-46ef5ae4b1d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45687", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2427", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-45687\n\ud83d\udd39 Description: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in Payara Platform Payara Server (Grizzly, REST Management Interface modules), Payara Platform Payara Micro (Grizzly modules) allows Manipulating State, Identity Spoofing.This issue affects Payara Server: from 4.1.151 through 4.1.2.191.51, from 5.20.0 through 5.70.0, from 5.2020.2 through 5.2022.5, from 6.2022.1 through 6.2024.12, from 6.0.0 through 6.21.0; Payara Micro: from 4.1.152 through 4.1.2.191.51, from 5.20.0 through 5.70.0, from 5.2020.2 through 5.2022.5, from 6.2022.1 through 6.2024.12, from 6.0.0 through 6.21.0.\n\ud83d\udccf Published: 2025-01-21T16:35:43.932Z\n\ud83d\udccf Modified: 2025-01-21T16:35:43.932Z\n\ud83d\udd17 References:\n1. https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.22.0.html\n2. https://docs.payara.fish/enterprise/docs/5.71.0/Release%20Notes/Release%20Notes%205.71.0.html\n3. https://docs.payara.fish/community/docs/6.2025.1/Release%20Notes/Release%20Notes%206.2025.1.html", "creation_timestamp": "2025-01-21T17:00:45.000000Z"}