Vulnerability details: VCID-urfc-w8hp-aaak
Vulnerability ID VCID-urfc-w8hp-aaak
Aliases CVE-2024-5971
GHSA-xpp6-8r3j-ww43
Summary undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
System Score Found at
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:4392
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:4392
ssvc Track https://access.redhat.com/errata/RHSA-2024:4392
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:4884
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:4884
ssvc Track https://access.redhat.com/errata/RHSA-2024:4884
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:5143
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:5143
ssvc Track https://access.redhat.com/errata/RHSA-2024:5143
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:5144
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:5144
ssvc Track https://access.redhat.com/errata/RHSA-2024:5144
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:5145
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:5145
ssvc Track https://access.redhat.com/errata/RHSA-2024:5145
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:5147
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:5147
ssvc Track https://access.redhat.com/errata/RHSA-2024:5147
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:6508
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:6508
ssvc Track https://access.redhat.com/errata/RHSA-2024:6508
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:6883
ssvc Track https://access.redhat.com/errata/RHSA-2024:6883
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5971.json
cvssv3.1 7.5 https://access.redhat.com/security/cve/CVE-2024-5971
generic_textual HIGH https://access.redhat.com/security/cve/CVE-2024-5971
ssvc Track https://access.redhat.com/security/cve/CVE-2024-5971
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-5971
epss 0.00891 https://api.first.org/data/v1/epss?cve=CVE-2024-5971
epss 0.01253 https://api.first.org/data/v1/epss?cve=CVE-2024-5971
epss 0.02303 https://api.first.org/data/v1/epss?cve=CVE-2024-5971
epss 0.12063 https://api.first.org/data/v1/epss?cve=CVE-2024-5971
epss 0.125 https://api.first.org/data/v1/epss?cve=CVE-2024-5971
epss 0.14864 https://api.first.org/data/v1/epss?cve=CVE-2024-5971
epss 0.16582 https://api.first.org/data/v1/epss?cve=CVE-2024-5971
epss 0.25979 https://api.first.org/data/v1/epss?cve=CVE-2024-5971
epss 0.43527 https://api.first.org/data/v1/epss?cve=CVE-2024-5971
cvssv3.1 7.5 https://bugzilla.redhat.com/show_bug.cgi?id=2292211
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2292211
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-xpp6-8r3j-ww43
cvssv3.1 7.5 https://github.com/undertow-io/undertow
generic_textual HIGH https://github.com/undertow-io/undertow
cvssv3.1 7.5 https://github.com/undertow-io/undertow/pull/1638
generic_textual HIGH https://github.com/undertow-io/undertow/pull/1638
cvssv3.1 7.5 https://github.com/undertow-io/undertow/pull/1640
generic_textual HIGH https://github.com/undertow-io/undertow/pull/1640
cvssv3.1 7.5 https://github.com/undertow-io/undertow/pull/1641
generic_textual HIGH https://github.com/undertow-io/undertow/pull/1641
cvssv3.1 7.5 https://issues.redhat.com/browse/UNDERTOW-2413
generic_textual HIGH https://issues.redhat.com/browse/UNDERTOW-2413
Reference id Reference type URL
https://access.redhat.com/errata/RHSA-2024:4392
https://access.redhat.com/errata/RHSA-2024:4884
https://access.redhat.com/errata/RHSA-2024:6508
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5971.json
https://access.redhat.com/security/cve/CVE-2024-5971
https://api.first.org/data/v1/epss?cve=CVE-2024-5971
https://github.com/undertow-io/undertow
https://github.com/undertow-io/undertow/pull/1638
https://github.com/undertow-io/undertow/pull/1640
https://github.com/undertow-io/undertow/pull/1641
https://issues.redhat.com/browse/UNDERTOW-2413
https://security.netapp.com/advisory/ntap-20240828-0001/
1077545 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077545
2292211 https://bugzilla.redhat.com/show_bug.cgi?id=2292211
cpe:/a:redhat:apache_camel_hawtio:4 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4
cpe:/a:redhat:apache_camel_spring_boot:3.20.7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:3.20.7
cpe:/a:redhat:apache_camel_spring_boot:4.4.1 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.4.1
cpe:/a:redhat:apache_camel_spring_boot:4.4.2 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.4.2
cpe:/a:redhat:apache_camel_spring_boot:4.4::el6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.4::el6
cpe:/a:redhat:build_keycloak: https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
cpe:/a:redhat:build_keycloak:22 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
cpe:/a:redhat:camel_spring_boot:3 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3
cpe:/a:redhat:integration:1 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
cpe:/a:redhat:jboss_data_grid:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
cpe:/a:redhat:jboss_data_grid:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
cpe:/a:redhat:jbosseapxp https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
cpe:/a:redhat:jboss_enterprise_application_platform:7.4 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
cpe:/a:redhat:jboss_enterprise_application_platform:8.0 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
cpe:/a:redhat:jboss_enterprise_bpms_platform:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
cpe:/a:redhat:jboss_fuse:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
cpe:/a:redhat:quarkus:3 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3
cpe:/a:redhat:red_hat_single_sign_on:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
cpe:/a:redhat:rhboac_hawtio:4 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhboac_hawtio:4
CVE-2024-5971 https://nvd.nist.gov/vuln/detail/CVE-2024-5971
GHSA-xpp6-8r3j-ww43 https://github.com/advisories/GHSA-xpp6-8r3j-ww43
RHSA-2024:5143 https://access.redhat.com/errata/RHSA-2024:5143
RHSA-2024:5144 https://access.redhat.com/errata/RHSA-2024:5144
RHSA-2024:5145 https://access.redhat.com/errata/RHSA-2024:5145
RHSA-2024:5147 https://access.redhat.com/errata/RHSA-2024:5147
RHSA-2024:6883 https://access.redhat.com/errata/RHSA-2024:6883
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:4392
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T14:48:10Z/ Found at https://access.redhat.com/errata/RHSA-2024:4392
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:4884
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T14:48:10Z/ Found at https://access.redhat.com/errata/RHSA-2024:4884
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/errata/RHSA-2024:5143
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:5143
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T14:48:10Z/ Found at https://access.redhat.com/errata/RHSA-2024:5143

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T15:00:49Z/ Found at https://access.redhat.com/errata/RHSA-2024:5143
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/errata/RHSA-2024:5144
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:5144
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T14:48:10Z/ Found at https://access.redhat.com/errata/RHSA-2024:5144

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T15:00:49Z/ Found at https://access.redhat.com/errata/RHSA-2024:5144
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/errata/RHSA-2024:5145
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:5145
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T14:48:10Z/ Found at https://access.redhat.com/errata/RHSA-2024:5145

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T15:00:49Z/ Found at https://access.redhat.com/errata/RHSA-2024:5145
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/errata/RHSA-2024:5147
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:5147
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T14:48:10Z/ Found at https://access.redhat.com/errata/RHSA-2024:5147

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T15:00:49Z/ Found at https://access.redhat.com/errata/RHSA-2024:5147
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:6508
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T14:48:10Z/ Found at https://access.redhat.com/errata/RHSA-2024:6508
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:6883
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/ Found at https://access.redhat.com/errata/RHSA-2024:6883

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T14:48:10Z/ Found at https://access.redhat.com/errata/RHSA-2024:6883
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5971.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/security/cve/CVE-2024-5971
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T14:48:10Z/ Found at https://access.redhat.com/security/cve/CVE-2024-5971
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2292211
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T14:48:10Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2292211
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/undertow-io/undertow
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/undertow-io/undertow/pull/1638
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/undertow-io/undertow/pull/1640
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/undertow-io/undertow/pull/1641
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://issues.redhat.com/browse/UNDERTOW-2413
Exploit Prediction Scoring System (EPSS)
Percentile 0.14083
EPSS Score 0.00044
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-07-09T04:08:19.167159+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5971.json 34.0.0rc4