Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2024-5971

Disclosure Date: July 08, 2024
CVE-2024-5971
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Red Hat build of Apache Camel 3.20.7 for Spring Boot not down converted
Red Hat build of Apache Camel 4.4.1 for Spring Boot not down converted
Red Hat build of Apache Camel 4.4.2 for Spring Boot not down converted
Red Hat JBoss Enterprise Application Platform 7 not down converted
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 not down converted
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 not down converted
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 not down converted
Red Hat JBoss Enterprise Application Platform 8 not down converted
Red Hat build of Apache Camel for Spring Boot 3 not down converted
Red Hat build of Apache Camel - HawtIO not down converted
Red Hat Build of Keycloak not down converted
Red Hat build of Quarkus not down converted
Red Hat Data Grid 8 not down converted
Red Hat Fuse 7 not down converted
Red Hat Integration Camel K not down converted
Red Hat JBoss Data Grid 7 not down converted
Red Hat JBoss Enterprise Application Platform Expansion Pack not down converted
Red Hat Process Automation 7 not down converted
Red Hat Single Sign-On 7 not down converted
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • Red Hat

Products

  • Red Hat build of Apache Camel 3.20.7 for Spring Boot,
  • Red Hat build of Apache Camel 4.4.1 for Spring Boot,
  • Red Hat build of Apache Camel 4.4.2 for Spring Boot,
  • Red Hat JBoss Enterprise Application Platform 7,
  • Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8,
  • Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9,
  • Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7,
  • Red Hat JBoss Enterprise Application Platform 8,
  • Red Hat build of Apache Camel for Spring Boot 3,
  • Red Hat build of Apache Camel - HawtIO,
  • Red Hat Build of Keycloak,
  • Red Hat build of Quarkus,
  • Red Hat Data Grid 8,
  • Red Hat Fuse 7,
  • Red Hat Integration Camel K,
  • Red Hat JBoss Data Grid 7,
  • Red Hat JBoss Enterprise Application Platform Expansion Pack,
  • Red Hat Process Automation 7,
  • Red Hat Single Sign-On 7
Technical Analysis