Description

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.

INFO

Published Date :

2024-08-21T14:13:36.579Z

Last Modified :

2026-01-19T03:51:37.166Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2024-7885 vulnerability.

Vendors Products
Redhat
  • Apache Camel Hawtio
  • Apache Camel Spring Boot
  • Build Keycloak
  • Build Of Apache Camel - Hawtio
  • Build Of Apache Camel For Spring Boot
  • Build Of Keycloak
  • Camel Spring Boot
  • Data Grid
  • Integration
  • Integration Camel K
  • Jboss Data Grid
  • Jboss Enterprise Application Platform
  • Jboss Enterprise Application Platform Eus
  • Jboss Enterprise Bpms Platform
  • Jboss Fuse
  • Jbosseapxp
  • Process Automation
  • Quarkus
  • Red Hat Single Sign On
  • Rhboac Hawtio
  • Single Sign-on
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-7885.

URL Resource
https://access.redhat.com/errata/RHSA-2024:11023 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:6508 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:6883 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:7441 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:7442 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:7735 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:7736 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:8080 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:16667 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0743 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2024-7885 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2305290 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-7885 cve-icon
https://security.netapp.com/advisory/ntap-20241011-0004/ cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-7885 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact