A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.
History

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Thu, 19 Sep 2024 20:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 19 Sep 2024 20:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:apache_camel_spring_boot:3.20.7
References

Wed, 18 Sep 2024 07:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:build_keycloak:22 cpe:/a:redhat:build_keycloak:

Mon, 09 Sep 2024 22:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:apache_camel_spring_boot:4.4.2
References

Thu, 29 Aug 2024 20:30:00 +0000

Type Values Removed Values Added
References

Thu, 08 Aug 2024 21:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:jboss_enterprise_application_platform:7 cpe:/a:redhat:jboss_enterprise_application_platform:7.4
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
References

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-07-08T20:51:29.223Z

Updated: 2024-11-15T21:04:09.370Z

Reserved: 2024-06-13T13:50:13.855Z

Link: CVE-2024-5971

cve-icon Vulnrichment

Updated: 2024-08-28T15:02:51.331Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-07-08T21:15:12.480

Modified: 2024-11-21T09:48:40.127

Link: CVE-2024-5971

cve-icon Redhat

Severity : Important

Publid Date: 2024-07-08T20:46:55Z

Links: CVE-2024-5971 - Bugzilla