CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence: High
EPSS
Percentile: 10.9%
io.undertow:undertow-core is vulnerable to denial of service (DoS). The ajp-listener improperly handles URL-encoded request paths when requests are processed concurrently, which can cause the wrong path to be processed and potentially lead to DoS.
access.redhat.com/errata/RHSA-2024:1194
access.redhat.com/errata/RHSA-2024:4386
access.redhat.com/errata/RHSA-2024:4884
access.redhat.com/security/cve/CVE-2024-6162
bugzilla.redhat.com/show_bug.cgi?id=2293069
github.com/advisories/GHSA-9442-gm4v-r222
github.com/undertow-io/undertow/commit/90f202ada89b6d9883beed0f1fe10c99d470d9a8
issues.redhat.com/browse/JBEAP-26268