vulnerability

Ubuntu: (Multiple Advisories) (CVE-2024-9622): RESTEasy vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:N/A:P)	Oct 8, 2024	Mar 14, 2025	Aug 18, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

Oct 8, 2024

Added

Mar 14, 2025

Modified

Aug 18, 2025

Description

A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BAD_MESSAGE state. As a result, any subsequent legitimate requests on the same connection are ignored, leading to client timeouts, which may impact systems using load balancers and expose them to risk.

Solutions

ubuntu-pro-upgrade-libresteasy-javaubuntu-pro-upgrade-libresteasy3-0-java

References

CVE-2024-9622
https://attackerkb.com/topics/CVE-2024-9622
CWE-444
UBUNTU-USN-7351-1
UBUNTU-USN-7630-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today