← volver
CVE-2023-4639

Undertow: cookie smuggling/spoofing

CVSS 7.4 HIGHEPSS 1.1%CWE-444
A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Productos afectados
Red Hat · Migration Toolkit for Applications 6Red Hat · Migration Toolkit for Runtimes 1 on RHEL 8Red Hat · Red Hat build of Apache Camel for Spring Boot 3Red Hat · Red Hat build of Apicurio RegistryRed Hat · Red Hat build of QuarkusRed Hat · Red Hat Data Grid 8Red Hat · Red Hat Decision Manager 7Red Hat · Red Hat Fuse 7Red Hat · Red Hat Integration Camel KRed Hat · Red Hat Integration Camel QuarkusRed Hat · Red Hat Integration Change Data CaptureRed Hat · Red Hat JBoss Data Grid 7Red Hat · Red Hat JBoss Enterprise Application Platform 6Red Hat · Red Hat JBoss Enterprise Application Platform 7Red Hat · Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8Red Hat · Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9Red Hat · Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7Red Hat · Red Hat JBoss Enterprise Application Platform 8Red Hat · Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8Red Hat · Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9Red Hat · Red Hat JBoss Fuse 6Red Hat · Red Hat JBoss Fuse Service Works 6Red Hat · Red Hat Process Automation 7Red Hat · Red Hat Single Sign-On 7

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://access.redhat.com/errata/RHSA-2024:1674https://access.redhat.com/errata/RHSA-2024:1675https://access.redhat.com/errata/RHSA-2024:1676https://access.redhat.com/errata/RHSA-2024:1677https://access.redhat.com/errata/RHSA-2024:2763https://access.redhat.com/errata/RHSA-2024:2764https://access.redhat.com/errata/RHSA-2024:3919https://access.redhat.com/security/cve/CVE-2023-4639https://bugzilla.redhat.com/show_bug.cgi?id=2166022https://security.netapp.com/advisory/ntap-20250207-0001/