Vulnerability details: VCID-tp84-pqr2-jufg
Vulnerability ID VCID-tp84-pqr2-jufg
Aliases CVE-2024-7885
GHSA-9623-mqmm-5rcf
Summary A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
System Score Found at
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:11023
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:11023
ssvc Track https://access.redhat.com/errata/RHSA-2024:11023
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:6508
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:6508
ssvc Track https://access.redhat.com/errata/RHSA-2024:6508
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:6883
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:6883
ssvc Track https://access.redhat.com/errata/RHSA-2024:6883
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:7441
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:7441
ssvc Track https://access.redhat.com/errata/RHSA-2024:7441
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:7442
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:7442
ssvc Track https://access.redhat.com/errata/RHSA-2024:7442
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:7735
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:7735
ssvc Track https://access.redhat.com/errata/RHSA-2024:7735
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:7736
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:7736
ssvc Track https://access.redhat.com/errata/RHSA-2024:7736
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7885.json
cvssv3.1 7.5 https://access.redhat.com/security/cve/CVE-2024-7885
generic_textual HIGH https://access.redhat.com/security/cve/CVE-2024-7885
ssvc Track https://access.redhat.com/security/cve/CVE-2024-7885
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2024-7885
epss 0.02641 https://api.first.org/data/v1/epss?cve=CVE-2024-7885
epss 0.02777 https://api.first.org/data/v1/epss?cve=CVE-2024-7885
epss 0.04341 https://api.first.org/data/v1/epss?cve=CVE-2024-7885
epss 0.06089 https://api.first.org/data/v1/epss?cve=CVE-2024-7885
epss 0.06575 https://api.first.org/data/v1/epss?cve=CVE-2024-7885
epss 0.0841 https://api.first.org/data/v1/epss?cve=CVE-2024-7885
epss 0.11339 https://api.first.org/data/v1/epss?cve=CVE-2024-7885
epss 0.14057 https://api.first.org/data/v1/epss?cve=CVE-2024-7885
epss 0.17614 https://api.first.org/data/v1/epss?cve=CVE-2024-7885
epss 0.22039 https://api.first.org/data/v1/epss?cve=CVE-2024-7885
epss 0.28035 https://api.first.org/data/v1/epss?cve=CVE-2024-7885
cvssv3.1 7.5 https://bugzilla.redhat.com/show_bug.cgi?id=2305290
generic_textual HIGH https://bugzilla.redhat.com/show_bug.cgi?id=2305290
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2305290
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-9623-mqmm-5rcf
cvssv3.1 7.5 https://github.com/undertow-io/undertow
generic_textual HIGH https://github.com/undertow-io/undertow
cvssv3.1 7.5 https://github.com/undertow-io/undertow/blob/182e4ca1543c52f438b0244c930dca3d8b6e68e3/core/src/main/java/io/undertow/server/protocol/proxy/ProxyProtocolReadListener.java
generic_textual HIGH https://github.com/undertow-io/undertow/blob/182e4ca1543c52f438b0244c930dca3d8b6e68e3/core/src/main/java/io/undertow/server/protocol/proxy/ProxyProtocolReadListener.java
cvssv3.1 7.5 https://github.com/undertow-io/undertow/commit/80c125e09068ac52ed0a9acde266ef12f8ed7ae1
generic_textual HIGH https://github.com/undertow-io/undertow/commit/80c125e09068ac52ed0a9acde266ef12f8ed7ae1
cvssv3.1 7.5 https://github.com/undertow-io/undertow/commit/ce5182c37376982ef0abee34fce0d8c0aab0fab8
generic_textual HIGH https://github.com/undertow-io/undertow/commit/ce5182c37376982ef0abee34fce0d8c0aab0fab8
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-7885
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-7885
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2024-7885
cvssv3.1 7.5 https://security.netapp.com/advisory/ntap-20241011-0004
generic_textual HIGH https://security.netapp.com/advisory/ntap-20241011-0004
Reference id Reference type URL
https://access.redhat.com/errata/RHSA-2024:6508
https://access.redhat.com/errata/RHSA-2024:7441
https://access.redhat.com/errata/RHSA-2024:7442
https://access.redhat.com/errata/RHSA-2024:7735
https://access.redhat.com/errata/RHSA-2024:7736
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7885.json
https://access.redhat.com/security/cve/CVE-2024-7885
https://api.first.org/data/v1/epss?cve=CVE-2024-7885
https://bugzilla.redhat.com/show_bug.cgi?id=2305290
https://github.com/undertow-io/undertow
https://github.com/undertow-io/undertow/blob/182e4ca1543c52f438b0244c930dca3d8b6e68e3/core/src/main/java/io/undertow/server/protocol/proxy/ProxyProtocolReadListener.java
https://github.com/undertow-io/undertow/commit/80c125e09068ac52ed0a9acde266ef12f8ed7ae1
https://github.com/undertow-io/undertow/commit/ce5182c37376982ef0abee34fce0d8c0aab0fab8
https://security.netapp.com/advisory/ntap-20241011-0004
https://security.netapp.com/advisory/ntap-20241011-0004/
1082854 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082854
cpe:2.3:a:redhat:build_of_apache_camel_for_spring_boot:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:build_of_apache_camel_for_spring_boot:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:build_of_apache_camel_-_hawtio:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:build_of_apache_camel_-_hawtio:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:data_grid:8.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:data_grid:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:8.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
cpe:/a:redhat:apache_camel_spring_boot:3.20.7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:3.20.7
cpe:/a:redhat:apache_camel_spring_boot:4.4.2 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.4.2
cpe:/a:redhat:build_keycloak: https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
cpe:/a:redhat:build_keycloak:22 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
cpe:/a:redhat:camel_spring_boot:3 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3
cpe:/a:redhat:integration:1 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
cpe:/a:redhat:jboss_data_grid:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
cpe:/a:redhat:jboss_data_grid:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
cpe:/a:redhat:jbosseapxp https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
cpe:/a:redhat:jboss_enterprise_application_platform:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7
cpe:/a:redhat:jboss_enterprise_application_platform:7.4 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
cpe:/a:redhat:jboss_enterprise_application_platform:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
cpe:/a:redhat:jboss_enterprise_application_platform:8.0 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
cpe:/a:redhat:jboss_enterprise_bpms_platform:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
cpe:/a:redhat:jboss_fuse:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
cpe:/a:redhat:quarkus:3 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3
cpe:/a:redhat:red_hat_single_sign_on:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
cpe:/a:redhat:rhboac_hawtio:4 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhboac_hawtio:4
cpe:/a:redhat:rhboac_hawtio:4.0.0 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhboac_hawtio:4.0.0
CVE-2024-7885 https://nvd.nist.gov/vuln/detail/CVE-2024-7885
GHSA-9623-mqmm-5rcf https://github.com/advisories/GHSA-9623-mqmm-5rcf
RHSA-2024:11023 https://access.redhat.com/errata/RHSA-2024:11023
RHSA-2024:6883 https://access.redhat.com/errata/RHSA-2024:6883
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:11023
CVSS 3.1 metrics and their possible values:
Attack Vector (AV): network, adjacent_network, local, physical
Attack Complexity (AC): low, high
Privileges Required (PR): none, low, high
User Interaction (UI): none, required
Scope (S): unchanged, changed
Confidentiality Impact (C): high, low, none
Integrity Impact (I): high, low, none
Availability Impact (A): high, low, none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/ Found at https://access.redhat.com/errata/RHSA-2024:11023
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:6508
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/ Found at https://access.redhat.com/errata/RHSA-2024:6508
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:6883
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/ Found at https://access.redhat.com/errata/RHSA-2024:6883
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:7441
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/ Found at https://access.redhat.com/errata/RHSA-2024:7441
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:7442
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/ Found at https://access.redhat.com/errata/RHSA-2024:7442
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:7735
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/ Found at https://access.redhat.com/errata/RHSA-2024:7735
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:7736
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/ Found at https://access.redhat.com/errata/RHSA-2024:7736
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7885.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/security/cve/CVE-2024-7885
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/ Found at https://access.redhat.com/security/cve/CVE-2024-7885
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2305290
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2305290
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/undertow-io/undertow
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/undertow-io/undertow/blob/182e4ca1543c52f438b0244c930dca3d8b6e68e3/core/src/main/java/io/undertow/server/protocol/proxy/ProxyProtocolReadListener.java
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/undertow-io/undertow/commit/80c125e09068ac52ed0a9acde266ef12f8ed7ae1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/undertow-io/undertow/commit/ce5182c37376982ef0abee34fce0d8c0aab0fab8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-7885
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20241011-0004
Exploit Prediction Scoring System (EPSS)
Percentile 0.41975
EPSS Score 0.00098
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-09-17T19:12:27.733354+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-7885 34.0.1