In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory
History

Wed, 06 Nov 2024 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat jboss Enterprise Application Platform
CPEs cpe:/a:redhat:jboss_enterprise_application_platform:8.0
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Vendors & Products Redhat jboss Enterprise Application Platform

Wed, 25 Sep 2024 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat camel Quarkus
CPEs cpe:/a:redhat:camel_quarkus:3.8
Vendors & Products Redhat
Redhat camel Quarkus

Fri, 13 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
References

Thu, 08 Aug 2024 13:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-07-19T08:50:43.766Z

Updated: 2024-09-13T17:05:12.209Z

Reserved: 2024-07-17T13:38:34.414Z

Link: CVE-2024-41172

cve-icon Vulnrichment

Updated: 2024-09-13T17:05:12.209Z

cve-icon NVD

Status : Modified

Published: 2024-07-19T09:15:05.640

Modified: 2024-11-21T09:32:20.520

Link: CVE-2024-41172

cve-icon Redhat

Severity : Low

Publid Date: 2024-07-19T00:00:00Z

Links: CVE-2024-41172 - Bugzilla