A vulnerability was found in Undertow in which a chunked response hangs after the body has been flushed. The response headers and body are sent, but the client continues waiting because Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side exposed to a denial-of-service attack. This happens only in Java 17 TLSv1.3 scenarios.
History
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References | |
Thu, 19 Sep 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References | | |
Metrics | ssvc |
Thu, 19 Sep 2024 20:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:apache_camel_spring_boot:3.20.7 | |
References | |
Wed, 18 Sep 2024 07:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:build_keycloak: |
Mon, 09 Sep 2024 22:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:apache_camel_spring_boot:4.4.2 | |
References | |
Thu, 29 Aug 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References | |
Thu, 08 Aug 2024 21:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:jboss_enterprise_application_platform:7.4 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 | |
References | |
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-07-08T20:51:29.223Z
Updated: 2024-11-15T21:04:09.370Z
Reserved: 2024-06-13T13:50:13.855Z
Link: CVE-2024-5971
Vulnrichment
Updated: 2024-08-28T15:02:51.331Z
NVD
Status: Awaiting Analysis
Published: 2024-07-08T21:15:12.480
Modified: 2024-11-21T09:48:40.127
Link: CVE-2024-5971