Red Hat JBoss EAP: CVE-2024-4109: Other
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 1 | (AV:N/AC:L/Au:N/C:N/I:N/A:N) | Dec 10, 2024 | Dec 20, 2024 | Jun 19, 2025 |
Description
[REJECTED CVE] A vulnerability has been identified in the Undertow package where the readHpackString method may incorrectly reuse an HTTP request header value from a previous stream for a new request on the same HTTP/2 connection due to improper handling of the stringBuilder field. While this typically results in an error and connection termination, an attacker could potentially exploit this flaw to leak sensitive information between requests within the same connection.
Solution
red-hat-jboss-eap-upgrade-latest