vulnerability

Red Hat: CVE-2024-1481: freeipa: specially crafted HTTP requests potentially lead to denial of service (Multiple Advisories)

Try Surface Command
Back to search
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Apr 10, 2024
Added
May 1, 2024
Modified
Sep 15, 2025

Description

A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service.

Solutions

no-fix-redhat-rpm-packageredhat-upgrade-bind-dyndb-ldapredhat-upgrade-bind-dyndb-ldap-debuginforedhat-upgrade-bind-dyndb-ldap-debugsourceredhat-upgrade-custodiaredhat-upgrade-ipa-clientredhat-upgrade-ipa-client-commonredhat-upgrade-ipa-client-debuginforedhat-upgrade-ipa-client-epnredhat-upgrade-ipa-client-sambaredhat-upgrade-ipa-commonredhat-upgrade-ipa-debuginforedhat-upgrade-ipa-debugsourceredhat-upgrade-ipa-healthcheckredhat-upgrade-ipa-healthcheck-coreredhat-upgrade-ipa-python-compatredhat-upgrade-ipa-selinuxredhat-upgrade-ipa-serverredhat-upgrade-ipa-server-commonredhat-upgrade-ipa-server-debuginforedhat-upgrade-ipa-server-dnsredhat-upgrade-ipa-server-trust-adredhat-upgrade-ipa-server-trust-ad-debuginforedhat-upgrade-opendnssecredhat-upgrade-opendnssec-debuginforedhat-upgrade-opendnssec-debugsourceredhat-upgrade-python3-custodiaredhat-upgrade-python3-ipaclientredhat-upgrade-python3-ipalibredhat-upgrade-python3-ipaserverredhat-upgrade-python3-ipatestsredhat-upgrade-python3-jwcryptoredhat-upgrade-python3-kdcproxyredhat-upgrade-python3-pyusbredhat-upgrade-python3-qrcoderedhat-upgrade-python3-qrcode-coreredhat-upgrade-python3-yubicoredhat-upgrade-slapi-nisredhat-upgrade-slapi-nis-debuginforedhat-upgrade-slapi-nis-debugsourceredhat-upgrade-softhsmredhat-upgrade-softhsm-debuginforedhat-upgrade-softhsm-debugsourceredhat-upgrade-softhsm-devel

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today