Undertow ProxyProtocolReadListener StringBuilder reuse info-leak
CVE-2024-7885 Published on August 21, 2024

Undertow: improper state management in proxy protocol parsing causes information leakage
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

CVE-2024-7885 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
HIGH

Timeline

Reported to Red Hat.

Made public.

Weakness Type

What is a Race Condition Vulnerability?

The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

CVE-2024-7885 has been classified to as a Race Condition vulnerability or weakness.


Products Associated with CVE-2024-7885

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-7885 are published in these products:

Red Hat Undertow
 
Red Hat Jboss Enterprise Application Platform
 
Red Hat Single Sign On
 
Red Hat Jboss Fuse
 
Red Hat Process Automation
 
Red Hat Integration Camel K
 
Red Hat Data Grid
 
Red Hat Build Apache Camel Spring Boot
 
Red Hat Build Of Apache Camel Hawtio
 
Red Hat Build Of Keycloak
 
Oracle
 
Red Hat Rhboac Hawtio
 
Red Hat Apache Camel Spring Boot
 
Red Hat Jboss Enterprise Application Platform Eus
 
Red Hat Camel Spring Boot
 
Red Hat Apache Camel Hawtio
 
Red Hat Build Keycloak
 
Red Hat Quarkus
 
Red Hat Jboss Data Grid
 
Red Hat Integration
 
Red Hat Jbosseapxp
 
Red Hat Jboss Enterprise Bpms Platform
 
Red Hat Single Sign On
 

Exploit Probability

EPSS
10.96%
Percentile
93.26%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.