CVE-2024-6162

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-6162

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-6162.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-6162

Aliases

GHSA-9442-gm4v-r222

Related

UBUNTU-CVE-2024-6162

Published

2024-06-20T15:15:50Z

Modified

2025-01-09T04:50:38.091051Z

Summary

[none]

Details

A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processed. As a result, the server may attempt to access the wrong path, causing errors such as "404 Not Found" or other application failures. This flaw can potentially lead to a denial of service, as legitimate resources become inaccessible due to the path mix-up.

References

Affected packages

Debian:13 / undertow

Package

Name: undertow
Purl: pkg:deb/debian/undertow?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.4-1

1.3.5-1

1.3.7-1

1.3.11-1

1.3.16-1

1.3.19-1

1.3.21-1

1.3.23-1

1.4.0-1

1.4.1-1

1.4.3-1

1.4.4-1

1.4.6-1

1.4.7-1

1.4.8-1

1.4.18-1

1.4.20-1

1.4.21-1

1.4.21-2

1.4.22-1

1.4.23-1

1.4.23-2

1.4.23-3

1.4.25-1

1.4.25-2

2.*

2.0.23-1

2.0.25-1

2.0.26-1

2.0.27-1

2.0.28-1

2.0.29-1

2.0.30-1

2.1.0-1

2.1.1-1

2.1.3-1

2.2.0-1

2.2.2-1

2.2.3-1

2.2.4-1

2.2.5-1

2.2.8-1

2.2.10-1

2.2.12-1

2.2.13-1

2.2.14-1

2.2.16-1

2.2.17-1

2.2.18-1

2.2.19-1

2.2.20-1

2.2.21-1

2.3.8-1

2.3.8-2

2.3.18-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}