Home > Vulnerability Database > CVE-2024-9622

Mend.io Vulnerability Database

CVE-2024-9622

Date: October 8, 2024

A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BAD_MESSAGE state. As a result, any subsequent legitimate requests on the same connection are ignored, leading to client timeouts, which may impact systems using load balancers and expose them to risk.

Language: Java

Severity Score

5.3

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-9622

Url: https://github.com/orgs/resteasy/discussions/4351

Url: https://access.redhat.com/security/cve/CVE-2024-9622

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2317179

Url: https://github.com/resteasy/resteasy

Url: https://www.mend.io/vulnerability-database/CVE-2024-9622

Severity Score

5.3

Weakness Type (CWE)

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CWE-444

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-9622

Date: October 8, 2024

Language: Java

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?