Description

A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BAD_MESSAGE state. As a result, any subsequent legitimate requests on the same connection are ignored, leading to client timeouts, which may impact systems using load balancers and expose them to risk.

INFO

Published Date :

2024-10-08T16:26:13.413Z

Last Modified :

2025-11-21T07:28:36.663Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2024-9622 vulnerability.

Vendors Products
Redhat
  • Jboss Data Grid
  • Jboss Enterprise Application Platform
  • Jbosseapxp
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-9622.

URL Resource
https://access.redhat.com/security/cve/CVE-2024-9622 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2317179 cve-icon cve-icon
https://github.com/orgs/resteasy/discussions/4351 cve-icon cve-icon cve-icon
https://github.com/resteasy/resteasy cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-9622 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-9622 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact