Home > Vulnerability Database > CVE-2024-6162

Mend.io Vulnerability Database

CVE-2024-6162

Good to know:

Date: June 20, 2024

A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processed. As a result, the server may attempt to access the wrong path, causing errors such as "404 Not Found" or other application failures. This flaw can potentially lead to a denial of service, as legitimate resources become inaccessible due to the path mix-up.

Language: Java

Severity Score

7.5

Related Resources (9)

Url: https://access.redhat.com/errata/RHSA-2024:1194

Url: https://issues.redhat.com/browse/JBEAP-26268

Url: https://github.com/undertow-io/undertow

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2293069

Url: https://access.redhat.com/errata/RHSA-2024:4386

Url: https://access.redhat.com/security/cve/CVE-2024-6162

Url: https://access.redhat.com/errata/RHSA-2024:4884

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-6162

Url: https://www.mend.io/vulnerability-database/CVE-2024-6162

Severity Score

7.5

Weakness Type (CWE)

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

Top Fix

Upgrade Version

Upgrade to version io.undertow:undertow-core:2.3.14.Final

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-6162

Good to know:

Date: June 20, 2024

Language: Java

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?