The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.
History

Tue, 10 Dec 2024 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhmt
CPEs cpe:/a:redhat:rhmt:1.8::el8
Vendors & Products Redhat rhmt

Wed, 04 Dec 2024 02:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:container_native_virtualization:4.12::el8

Wed, 27 Nov 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat container Native Virtualization
CPEs cpe:/a:redhat:container_native_virtualization:4.13::el9
Vendors & Products Redhat container Native Virtualization

Fri, 22 Nov 2024 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Api Data Protection
Redhat openshift Secondary Scheduler
Redhat rhel Els
CPEs cpe:/a:redhat:openshift_api_data_protection:1.3::el9
cpe:/a:redhat:openshift_secondary_scheduler:1.2::el9
cpe:/o:redhat:rhel_els:7
Vendors & Products Redhat openshift Api Data Protection
Redhat openshift Secondary Scheduler
Redhat rhel Els

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Fri, 08 Nov 2024 15:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.14::el8

Thu, 07 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.12::el8

Thu, 07 Nov 2024 02:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.13::el8

Thu, 31 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.15::el8

Fri, 25 Oct 2024 02:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.16::el9

Thu, 24 Oct 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat logging
CPEs cpe:/a:redhat:logging:5.6::el8
cpe:/a:redhat:logging:5.8::el9
cpe:/a:redhat:logging:5.9::el9
cpe:/a:redhat:logging:6.0::el9
Vendors & Products Redhat logging

Wed, 23 Oct 2024 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat kube Descheduler Operator
CPEs cpe:/a:redhat:kube_descheduler_operator:5.1::el9
Vendors & Products Redhat kube Descheduler Operator

Wed, 16 Oct 2024 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift
Redhat run Once Duration Override Operator
CPEs cpe:/a:redhat:openshift:4.17::el9
cpe:/a:redhat:run_once_duration_override_operator:1.2::el9
Vendors & Products Redhat openshift
Redhat run Once Duration Override Operator

Fri, 04 Oct 2024 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Go Standard Library
Go Standard Library net\/http
CPEs cpe:2.3:a:go_standard_library:net\/http:1.21.12:*:*:*:*:*:*:*
Vendors & Products Go Standard Library
Go Standard Library net\/http
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 01 Oct 2024 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Custom Metrics Autoscaler
CPEs cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.0::el8
Vendors & Products Redhat openshift Custom Metrics Autoscaler

Wed, 25 Sep 2024 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat network Observ Optr
CPEs cpe:/a:redhat:network_observ_optr:1.6.0::el9
Vendors & Products Redhat network Observ Optr

Mon, 23 Sep 2024 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat enterprise Linux
Redhat rhel Eus
CPEs cpe:/a:redhat:enterprise_linux:8
cpe:/a:redhat:enterprise_linux:9
cpe:/a:redhat:rhel_eus:8.8
cpe:/a:redhat:rhel_eus:9.2
Vendors & Products Redhat enterprise Linux
Redhat rhel Eus

Mon, 09 Sep 2024 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat cost Management
CPEs cpe:/a:redhat:cost_management:1::el8
Vendors & Products Redhat cost Management

Mon, 19 Aug 2024 22:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat cryostat
CPEs cpe:/a:redhat:cryostat:3::el8
Vendors & Products Redhat
Redhat cryostat

cve-icon MITRE

Status: PUBLISHED

Assigner: Go

Published: 2024-07-02T21:28:25.677Z

Updated: 2024-10-04T15:02:46.565Z

Reserved: 2024-01-30T16:05:14.758Z

Link: CVE-2024-24791

cve-icon Vulnrichment

Updated: 2024-10-04T15:02:46.565Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-07-02T22:15:04.833

Modified: 2024-11-21T08:59:43.013

Link: CVE-2024-24791

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-07-02T00:00:00Z

Links: CVE-2024-24791 - Bugzilla