Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2024-5971

Disclosure Date: July 08, 2024
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Vendors

  • Red Hat

Products

  • Red Hat build of Apache Camel 3.20.7 for Spring Boot,
  • Red Hat build of Apache Camel 4.4.1 for Spring Boot,
  • Red Hat build of Apache Camel 4.4.2 for Spring Boot,
  • Red Hat JBoss Enterprise Application Platform 7,
  • Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8,
  • Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9,
  • Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7,
  • Red Hat JBoss Enterprise Application Platform 8,
  • Red Hat build of Apache Camel for Spring Boot 3,
  • Red Hat build of Apache Camel - HawtIO,
  • Red Hat Build of Keycloak,
  • Red Hat build of Quarkus,
  • Red Hat Data Grid 8,
  • Red Hat Fuse 7,
  • Red Hat Integration Camel K,
  • Red Hat JBoss Data Grid 7,
  • Red Hat JBoss Enterprise Application Platform Expansion Pack,
  • Red Hat Process Automation 7,
  • Red Hat Single Sign-On 7
Technical Analysis