UBUNTU-CVE-2024-6162

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-6162

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-6162.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-6162

Upstream

CVE-2024-6162

Published

2024-06-20T15:15:00Z

Modified

2025-09-08T16:58:55Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processed. As a result, the server may attempt to access the wrong path, causing errors such as "404 Not Found" or other application failures. This flaw can potentially lead to a denial of service, as legitimate resources become inaccessible due to the path mix-up.

References

Affected packages

Ubuntu:22.04:LTS

undertow

Package

Name: undertow
Purl: pkg:deb/ubuntu/undertow@2.2.16-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.8-1

2.2.12-1

2.2.13-1

2.2.14-1

2.2.16-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2.2.16-1",
            "binary_name": "libundertow-java"
        }
    ]
}

Ubuntu:24.04:LTS

undertow

Package

Name: undertow
Purl: pkg:deb/ubuntu/undertow@2.3.8-2?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.3.8-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2.3.8-2",
            "binary_name": "libundertow-java"
        }
    ]
}

Ubuntu:25.04

undertow

Package

Name: undertow
Purl: pkg:deb/ubuntu/undertow@2.3.18-1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.3.8-2

2.3.18-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2.3.18-1",
            "binary_name": "libundertow-java"
        }
    ]
}

Ubuntu:Pro:16.04:LTS

undertow

Package

Name: undertow
Purl: pkg:deb/ubuntu/undertow@1.3.16-1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.4-1

1.3.5-1

1.3.7-1

1.3.11-1

1.3.16-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1.3.16-1",
            "binary_name": "libundertow-java"
        }
    ]
}

Ubuntu:Pro:18.04:LTS

undertow

Package

Name: undertow
Purl: pkg:deb/ubuntu/undertow@1.4.23-3?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.20-1

1.4.21-1

1.4.22-1

1.4.23-1

1.4.23-2build1

1.4.23-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1.4.23-3",
            "binary_name": "libundertow-java"
        }
    ]
}

Ubuntu:Pro:20.04:LTS

undertow

Package

Name: undertow
Purl: pkg:deb/ubuntu/undertow@2.0.29-1?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.0.23-1

2.0.27-1

2.0.28-1

2.0.29-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2.0.29-1",
            "binary_name": "libundertow-java"
        }
    ]
}