CVE-2024-7885: Undertow: improper state management in proxy protocol parsing causes information leakage
First published: Fri Aug 16 2024(Updated: )
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/io.undertow:undertow-core | >=2.3.0.Alpha1<2.3.17.Final | 2.3.17.Final |
| maven/io.undertow:undertow-core | <2.2.36.Final | 2.2.36.Final |
| Hawt.io | ||
| Red Hat Build of Apache Camel for Spring Boot | ||
| Keycloak | ||
| Red Hat Data Grid | =8.0.0 | |
| Apache Camel | ||
| redhat jboss enterprise application platform | =7.0.0 | |
| redhat jboss enterprise application platform | =8.0.0 | |
| Red Hat JBoss Fuse | =7.0.0 | |
| Red Hat Process Automation Manager | =7.0 | |
| redhat single sign-on | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/errata/RHSA-2024:6508
- https://access.redhat.com/errata/RHSA-2024:6883
- https://access.redhat.com/errata/RHSA-2024:7441
- https://access.redhat.com/errata/RHSA-2024:7442
- https://access.redhat.com/errata/RHSA-2024:7735
- https://access.redhat.com/errata/RHSA-2024:7736
- https://bugzilla.redhat.com/show_bug.cgi?id=2305290
- https://access.redhat.com/security/cve/CVE-2024-7885
- https://nvd.nist.gov/vuln/detail/CVE-2024-7885
- https://github.com/undertow-io/undertow/blob/182e4ca1543c52f438b0244c930dca3d8b6e68e3/core/src/main/java/io/undertow/server/protocol/proxy/ProxyProtocolReadListener.java
- https://github.com/undertow-io/undertow/commit/80c125e09068ac52ed0a9acde266ef12f8ed7ae1
- https://github.com/undertow-io/undertow/commit/ce5182c37376982ef0abee34fce0d8c0aab0fab8
- https://github.com/advisories/GHSA-9623-mqmm-5rcf (Advisory)
- https://access.redhat.com/errata/RHSA-2024:11023
- https://security.netapp.com/advisory/ntap-20241011-0004/
- https://security.netapp.com/advisory/ntap-20241011-0004
Frequently Asked Questions
What is the severity of CVE-2024-7885?
The severity of CVE-2024-7885 is classified as high due to potential information disclosure risks.
How do I fix CVE-2024-7885?
To fix CVE-2024-7885, upgrade to Undertow version 2.3.17.Final or 2.2.36.Final.
Which versions are affected by CVE-2024-7885?
CVE-2024-7885 affects Undertow versions from 2.3.0.Alpha1 up to 2.3.17.Final, and any versions prior to 2.2.36.Final.
What type of vulnerability is CVE-2024-7885?
CVE-2024-7885 is a vulnerability related to improper handling of input due to the reuse of a StringBuilder instance.
What software packages are impacted by CVE-2024-7885?
CVE-2024-7885 impacts various Red Hat software packages including JBoss, Data Grid, and Keycloak.
- agent/weakness
- agent/title
- agent/type
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-9623-mqmm-5rcf
- alias/CVE-2024-7885
- agent/software-canonical-lookup
- agent/references
- agent/trending
- collector/github-advisory
- agent/source
- collector/redhat-bugzilla
- source/Red Hat
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-cve
- package-manager/maven
- vendor/redhat
- canonical/hawt.io
- canonical/red hat build of apache camel for spring boot
- canonical/keycloak
- canonical/red hat data grid
- version/red hat data grid/8.0.0
- canonical/apache camel
- canonical/redhat jboss enterprise application platform
- version/redhat jboss enterprise application platform/7.0.0
- version/redhat jboss enterprise application platform/8.0.0
- canonical/red hat jboss fuse
- version/red hat jboss fuse/7.0.0
- canonical/red hat process automation manager
- version/red hat process automation manager/7.0
- canonical/redhat single sign-on
- version/redhat single sign-on/7.0