CVE-2024-4027
Description
A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service (DoS) attack.
CWE
- CWE-20 — Improper Input Validation
Affected
- Red Hat / OpenShift Serverless —
- Red Hat / Red Hat build of Apache Camel 4 for Quarkus 3 —
- Red Hat / Red Hat build of Apache Camel for Spring Boot 3 —
- Red Hat / Red Hat build of Apache Camel for Spring Boot 4 —
- Red Hat / Red Hat build of Apache Camel - HawtIO 4 —
- Red Hat / Red Hat build of Apicurio Registry 2 —
- Red Hat / Red Hat Build of Keycloak —
- Red Hat / Red Hat build of OptaPlanner 8 —
- Red Hat / Red Hat build of Quarkus —
- Red Hat / Red Hat build of Quarkus —
- Red Hat / Red Hat Data Grid 8 —
- Red Hat / Red Hat Fuse 7 —
- Red Hat / Red Hat Integration Camel K 1 —
- Red Hat / Red Hat JBoss Data Grid 7 —
- Red Hat / Red Hat JBoss Enterprise Application Platform 7 —
- Red Hat / Red Hat JBoss Enterprise Application Platform 8 —
- Red Hat / Red Hat JBoss Enterprise Application Platform Expansion Pack —
- Red Hat / Red Hat JBoss Fuse Service Works 6 —
- Red Hat / Red Hat Process Automation 7 —
- Red Hat / Red Hat Single Sign-On 7 —
- Red Hat / streams for Apache Kafka —
CVSS
- 3.1 score=7.5 severity=HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
- https://access.redhat.com/security/cve/CVE-2024-4027 vdb-entry, x_refsource_REDHAT
- https://bugzilla.redhat.com/show_bug.cgi?id=2276410 issue-tracking, x_refsource_REDHAT
Source
cvelistV5-main/cves/2024/4xxx/CVE-2024-4027.json