Red Hat JBoss EAP: CVE-2024-4109: Other
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 1 | (AV:N/AC:L/Au:N/C:N/I:N/A:N) | Dec 10, 2024 | Dec 20, 2024 | Jun 19, 2025 |
Description
[REJECTED CVE] A vulnerability has been identified in the Undertow package where the readHpackString method may incorrectly reuse an HTTP request header value from a previous stream for a new request on the same HTTP/2 connection due to improper handling of the stringBuilder field. While this typically results in an error and connection termination, an attacker could potentially exploit this flaw to leak sensitive information between requests within the same connection.
Solution
red-hat-jboss-eap-upgrade-latest