CVE-2024-4109 - Vulnerability Details

Red Hat Product Security has determined that this CVE is not a security vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Jboss Enterprise Application Platform

No data.

Package	CPE	Advisory	Released Date
Red Hat JBoss Enterprise Application Platform 7.4.20
undertow	cpe:/a:redhat:jboss_enterprise_application_platform:7.4	RHSA-2024:10933	2024-12-10T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
eap7-activemq-artemis-0:2.16.0-19.redhat_00053.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2024:10928	2024-12-11T00:00:00Z
eap7-byte-buddy-0:1.11.12-3.redhat_00003.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2024:10928	2024-12-11T00:00:00Z
eap7-jaxen-0:1.1.6-15.redhat_00003.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2024:10928	2024-12-11T00:00:00Z
eap7-jboss-ejb-client-0:4.0.56-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2024:10928	2024-12-11T00:00:00Z
eap7-jboss-remoting-0:5.0.30-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2024:10928	2024-12-11T00:00:00Z
eap7-jboss-server-migration-0:1.10.0-40.Final_redhat_00040.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2024:10928	2024-12-11T00:00:00Z
eap7-jbossws-cxf-0:5.4.13-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2024:10928	2024-12-11T00:00:00Z
eap7-log4j-jboss-logmanager-0:1.3.1-2.Final_redhat_00003.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2024:10928	2024-12-11T00:00:00Z
eap7-picketlink-bindings-0:2.5.5-28.SP12_redhat_00017.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2024:10928	2024-12-11T00:00:00Z
eap7-resteasy-0:3.15.10-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2024:10928	2024-12-11T00:00:00Z
eap7-undertow-0:2.2.37-1.SP2_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2024:10928	2024-12-11T00:00:00Z
eap7-wildfly-0:7.4.20-2.GA_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2024:10928	2024-12-11T00:00:00Z
eap7-wildfly-http-client-0:1.1.18-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2024:10928	2024-12-11T00:00:00Z
eap7-woodstox-core-0:6.4.0-2.redhat_00003.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2024:10928	2024-12-11T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
eap7-activemq-artemis-0:2.16.0-19.redhat_00053.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2024:10929	2024-12-11T00:00:00Z
eap7-byte-buddy-0:1.11.12-3.redhat_00003.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2024:10929	2024-12-11T00:00:00Z
eap7-jaxen-0:1.1.6-15.redhat_00003.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2024:10929	2024-12-11T00:00:00Z
eap7-jboss-ejb-client-0:4.0.56-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2024:10929	2024-12-11T00:00:00Z
eap7-jboss-remoting-0:5.0.30-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2024:10929	2024-12-11T00:00:00Z
eap7-jboss-server-migration-0:1.10.0-40.Final_redhat_00040.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2024:10929	2024-12-11T00:00:00Z
eap7-jbossws-cxf-0:5.4.13-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2024:10929	2024-12-11T00:00:00Z
eap7-log4j-jboss-logmanager-0:1.3.1-2.Final_redhat_00003.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2024:10929	2024-12-11T00:00:00Z
eap7-picketlink-bindings-0:2.5.5-28.SP12_redhat_00017.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2024:10929	2024-12-11T00:00:00Z
eap7-resteasy-0:3.15.10-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2024:10929	2024-12-11T00:00:00Z
eap7-undertow-0:2.2.37-1.SP2_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2024:10929	2024-12-11T00:00:00Z
eap7-wildfly-0:7.4.20-2.GA_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2024:10929	2024-12-11T00:00:00Z
eap7-wildfly-http-client-0:1.1.18-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2024:10929	2024-12-11T00:00:00Z
eap7-woodstox-core-0:6.4.0-2.redhat_00003.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2024:10929	2024-12-11T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
eap7-activemq-artemis-0:2.16.0-19.redhat_00053.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2024:10927	2024-12-11T00:00:00Z
eap7-byte-buddy-0:1.11.12-3.redhat_00003.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2024:10927	2024-12-11T00:00:00Z
eap7-jaxen-0:1.1.6-15.redhat_00003.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2024:10927	2024-12-11T00:00:00Z
eap7-jboss-ejb-client-0:4.0.56-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2024:10927	2024-12-11T00:00:00Z
eap7-jboss-remoting-0:5.0.30-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2024:10927	2024-12-11T00:00:00Z
eap7-jboss-server-migration-0:1.10.0-40.Final_redhat_00040.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2024:10927	2024-12-11T00:00:00Z
eap7-jbossws-cxf-0:5.4.13-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2024:10927	2024-12-11T00:00:00Z
eap7-log4j-jboss-logmanager-0:1.3.1-2.Final_redhat_00003.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2024:10927	2024-12-11T00:00:00Z
eap7-picketlink-bindings-0:2.5.5-28.SP12_redhat_00017.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2024:10927	2024-12-11T00:00:00Z
eap7-resteasy-0:3.15.10-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2024:10927	2024-12-11T00:00:00Z
eap7-undertow-0:2.2.37-1.SP2_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2024:10927	2024-12-11T00:00:00Z
eap7-wildfly-0:7.4.20-2.GA_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2024:10927	2024-12-11T00:00:00Z
eap7-wildfly-http-client-0:1.1.18-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2024:10927	2024-12-11T00:00:00Z
eap7-woodstox-core-0:6.4.0-2.redhat_00003.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2024:10927	2024-12-11T00:00:00Z
Red Hat JBoss Enterprise Application Platform 8
	cpe:/a:redhat:jboss_enterprise_application_platform:8.0	RHSA-2024:11570	2024-12-19T00:00:00Z
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
eap8-activemq-artemis-0:2.33.0-2.redhat_00016.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-angus-activation-0:2.0.2-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-apache-commons-lang-0:3.14.0-3.redhat_00007.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-atinject-0:2.0.1-3.redhat_00006.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-azure-storage-0:8.6.6-4.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-commons-logging-jboss-logging-0:1.0.0-2.Final_redhat_1.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-eap-product-conf-parent-0:800.5.0-1.GA_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-ecj-1:3.31.0-2.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-expressly-0:5.0.0-5.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-hal-console-0:3.6.20-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-hibernate-0:6.2.32-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-hornetq-0:2.4.10-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-jakarta-activation-0:2.1.3-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-jakarta-xml-bind-api-0:4.0.2-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-jansi-0:1.18.0-2.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-javaee-security-soteria-0:3.0.0-3.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-jboss-ejb-client-0:5.0.8-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-jboss-marshalling-0:2.1.6-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-jboss-remoting-0:5.0.30-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-jboss-weld-api-0:5.0.0-4.SP3_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-jbossws-cxf-0:7.3.0-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-jctools-0:4.0.5-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-jsonb-spec-0:3.0.1-1.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-narayana-0:6.0.4-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-netty-0:4.1.114-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-netty-transport-native-epoll-0:4.1.114-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-parsson-0:1.1.7-1.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-resteasy-0:6.2.11-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-undertow-0:2.3.18-1.SP1_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-undertow-jastow-0:2.2.8-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-vdx-0:1.1.6-3.redhat_1.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-wildfly-0:8.0.5-3.GA_redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-wildfly-elytron-0:2.2.7-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-wildfly-elytron-ee-0:3.0.3-2.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-yasson-0:3.0.4-1.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
eap8-activemq-artemis-0:2.33.0-2.redhat_00016.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-angus-activation-0:2.0.2-1.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-apache-commons-lang-0:3.14.0-3.redhat_00007.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-atinject-0:2.0.1-3.redhat_00006.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-azure-storage-0:8.6.6-4.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-commons-logging-jboss-logging-0:1.0.0-2.Final_redhat_1.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-eap-product-conf-parent-0:800.5.0-1.GA_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-ecj-1:3.31.0-2.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-expressly-0:5.0.0-5.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-hal-console-0:3.6.20-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-hibernate-0:6.2.32-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-hornetq-0:2.4.10-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-jakarta-activation-0:2.1.3-1.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-jakarta-xml-bind-api-0:4.0.2-1.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-jansi-0:1.18.0-2.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-javaee-security-soteria-0:3.0.0-3.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-jboss-ejb-client-0:5.0.8-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-jboss-marshalling-0:2.1.6-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-jboss-remoting-0:5.0.30-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-jboss-weld-api-0:5.0.0-4.SP3_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-jbossws-cxf-0:7.3.0-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-jctools-0:4.0.5-1.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-jsonb-spec-0:3.0.1-1.redhat_00002.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-narayana-0:6.0.4-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-netty-0:4.1.114-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-netty-transport-native-epoll-0:4.1.114-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-parsson-0:1.1.7-1.redhat_00002.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-resteasy-0:6.2.11-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-undertow-0:2.3.18-1.SP1_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-undertow-jastow-0:2.2.8-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-vdx-0:1.1.6-3.redhat_1.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-wildfly-0:8.0.5-3.GA_redhat_00002.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-wildfly-elytron-0:2.2.7-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-wildfly-elytron-ee-0:3.0.3-2.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-yasson-0:3.0.4-1.redhat_00002.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z

References

Link	Providers
https://github.com/undertow-io/undertow/pull/1668#
https://nvd.nist.gov/vuln/detail/CVE-2024-4109
https://www.cve.org/CVERecord?id=CVE-2024-4109

History

Thu, 13 Feb 2025 00:45:00 +0000

Type	Values Removed	Values Added
References		https://github.com/undertow-io/undertow/pull/1668#
Metrics	cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}` threat_severity `Moderate`	cvssV3_1 `{'score': 0.0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N'}` threat_severity `None`

Thu, 16 Jan 2025 22:45:00 +0000

Type	Values Removed	Values Added
References	https://access.redhat.com/errata/RHSA-2024:10927 https://access.redhat.com/errata/RHSA-2024:10928 https://access.redhat.com/errata/RHSA-2024:10929 https://access.redhat.com/errata/RHSA-2024:10933 https://access.redhat.com/errata/RHSA-2024:11559 https://access.redhat.com/errata/RHSA-2024:11560 https://access.redhat.com/errata/RHSA-2024:11570 https://access.redhat.com/security/cve/CVE-2024-4109 https://bugzilla.redhat.com/show_bug.cgi?id=2272325
Metrics	cvssV3_1 `{'score': 0.0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N'}`	cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

Thu, 16 Jan 2025 22:15:00 +0000

Type	Values Removed	Values Added
Title	Undertow: information leakage via http/2 request header reuse	undertow: information leakage via HTTP/2 request header reuse
Metrics	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 16 Jan 2025 22:00:00 +0000

Type	Values Removed	Values Added
Description	A flaw was found in Undertow. An HTTP request header value from a previous stream may be incorrectly reused for a request associated with a subsequent stream on the same HTTP/2 connection. This issue can potentially lead to information leakage between requests.	Red Hat Product Security has determined that this CVE is not a security vulnerability.

Thu, 16 Jan 2025 20:45:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:/a:redhat:build_keycloak: cpe:/a:redhat:camel_spring_boot:3 cpe:/a:redhat:camel_spring_boot:4 cpe:/a:redhat:integration:1 cpe:/a:redhat:jboss_data_grid:7 cpe:/a:redhat:jboss_data_grid:8 cpe:/a:redhat:jboss_enterprise_bpms_platform:7 cpe:/a:redhat:jboss_fuse:7 cpe:/a:redhat:jbosseapxp cpe:/a:redhat:red_hat_single_sign_on:7 cpe:/a:redhat:rhboac_hawtio:4
Vendors & Products	Redhat build Keycloak Redhat camel Spring Boot Redhat integration Redhat jboss Data Grid Redhat jboss Enterprise Bpms Platform Redhat jboss Fuse Redhat jbosseapxp Redhat red Hat Single Sign On Redhat rhboac Hawtio
Metrics	cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`	cvssV3_1 `{'score': 0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N'}`

Thu, 19 Dec 2024 16:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:jboss_enterprise_application_platform:8.0 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
References		https://access.redhat.com/errata/RHSA-2024:11560 https://access.redhat.com/errata/RHSA-2024:11570

Thu, 19 Dec 2024 15:00:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/a:redhat:jboss_enterprise_application_platform:8~~	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
References		https://access.redhat.com/errata/RHSA-2024:11559

Tue, 17 Dec 2024 11:00:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/a:redhat:jboss_enterprise_application_platform:7~~
References		https://access.redhat.com/errata/RHSA-2024:10927 https://access.redhat.com/errata/RHSA-2024:10928 https://access.redhat.com/errata/RHSA-2024:10929 https://access.redhat.com/errata/RHSA-2024:10933

Mon, 16 Dec 2024 02:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:jboss_enterprise_application_platform:7.4 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9

Thu, 12 Dec 2024 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 12 Dec 2024 13:45:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2024-4109 https://www.cve.org/CVERecord?id=CVE-2024-4109
Metrics	threat_severity `None`	threat_severity `Moderate`

Thu, 12 Dec 2024 09:15:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in Undertow. An HTTP request header value from a previous stream may be incorrectly reused for a request associated with a subsequent stream on the same HTTP/2 connection. This issue can potentially lead to information leakage between requests.
Title		Undertow: information leakage via http/2 request header reuse
First Time appeared		Redhat Redhat build Keycloak Redhat camel Spring Boot Redhat integration Redhat jboss Data Grid Redhat jboss Enterprise Application Platform Redhat jboss Enterprise Bpms Platform Redhat jboss Fuse Redhat jbosseapxp Redhat red Hat Single Sign On Redhat rhboac Hawtio
Weaknesses		CWE-200
CPEs		cpe:/a:redhat:build_keycloak: cpe:/a:redhat:camel_spring_boot:3 cpe:/a:redhat:camel_spring_boot:4 cpe:/a:redhat:integration:1 cpe:/a:redhat:jboss_data_grid:7 cpe:/a:redhat:jboss_data_grid:8 cpe:/a:redhat:jboss_enterprise_application_platform:7 cpe:/a:redhat:jboss_enterprise_application_platform:8 cpe:/a:redhat:jboss_enterprise_bpms_platform:7 cpe:/a:redhat:jboss_fuse:7 cpe:/a:redhat:jbosseapxp cpe:/a:redhat:red_hat_single_sign_on:7 cpe:/a:redhat:rhboac_hawtio:4
Vendors & Products		Redhat Redhat build Keycloak Redhat camel Spring Boot Redhat integration Redhat jboss Data Grid Redhat jboss Enterprise Application Platform Redhat jboss Enterprise Bpms Platform Redhat jboss Fuse Redhat jbosseapxp Redhat red Hat Single Sign On Redhat rhboac Hawtio
References		https://access.redhat.com/security/cve/CVE-2024-4109 https://bugzilla.redhat.com/show_bug.cgi?id=2272325
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

MITRE

Status: REJECTED

Assigner: redhat

Published: 2024-12-12T09:04:50.299Z

Updated: 2025-01-16T21:48:39.856Z

Reserved: 2024-04-24T00:55:26.417Z

Link: CVE-2024-4109

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2024-12-12T09:15:06.207

Modified: 2025-01-16T22:15:40.107

Link: CVE-2024-4109

Redhat

Severity :

Publid Date: 2024-12-10T16:35:00Z

Links: CVE-2024-4109 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object