Vulnerability in Red Hat Eap 8.0.1
CVE-2024-6162
A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneo…
EPSS: 0.020 (84.1th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Red Hat Eap 8.0.1
- Red Hat Build Of Apache Camel 4.4.1 For Spring Boot 3.2
- Red Hat Build Of Apache Camel For Spring Boot 3
- Red Hat Build Of Apache Camel - Hawtio 4
- Red Hat Build Of Keycloak
- Red Hat Data Grid 8
- Red Hat Fuse 7
- Red Hat Integration Camel K 1
- Red Hat Jboss Data Grid 7
- Red Hat Jboss Enterprise Application Platform 7
Weakness classification (CWE)
Public proof-of-concept exploits
References
- RHSA-2024:1194 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2024:4386 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2024:4884 (vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/security/cve/CVE-2024-6162 (vdb-entry, x_refsource_REDHAT)
- RHBZ#2293069 (issue-tracking, x_refsource_REDHAT)
- issues.redhat.com/browse/JBEAP-26268
Frequently asked questions
- What is CVE-2024-6162?
- CVE-2024-6162 is a high-severity vulnerability in Red Hat Eap 8.0.1, classified under CWE-488. CVSS score: 7.5/10. Published 2024-06-20.
- How severe is CVE-2024-6162?
- High severity. CVSS v3 base score is 7.5 out of 10.
- Is CVE-2024-6162 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.