Description

A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processed. As a result, the server may attempt to access the wrong path, causing errors such as "404 Not Found" or other application failures. This flaw can potentially lead to a denial of service, as legitimate resources become inaccessible due to the path mix-up.

INFO

Published Date: 2024-06-20T14:33:10.342Z
Last Modified: 2026-02-25T20:31:58.714Z
Source: redhat

AFFECTED PRODUCTS

The following products are affected by the CVE-2024-6162 vulnerability.

Vendor: Redhat
Products:
  • Apache Camel Hawtio
  • Apache Camel Spring Boot
  • Build Keycloak
  • Camel Spring Boot
  • Integration
  • Jboss Data Grid
  • Jboss Enterprise Application Platform
  • Jboss Enterprise Bpms Platform
  • Jboss Fuse
  • Jbosseapxp
  • Red Hat Single Sign On

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact