Description

A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.

INFO

Published Date: 2024-12-12T09:05:28.451Z

Last Modified: 2026-01-28T15:45:38.773Z

Source: redhat

AFFECTED PRODUCTS

The following products are affected by CVE-2024-12397.

Vendor: Redhat
Products:
  • Amq Streams
  • Apache Camel Hawtio
  • Build Keycloak
  • Camel Quarkus
  • Cryostat
  • Integration
  • Jboss Enterprise Application Platform
  • Jboss Enterprise Bpms Platform
  • Jboss Fuse
  • Jbosseapxp
  • Optaplanner
  • Quarkus
  • Service Registry
