CVE-2024-5971
CVE-2024-5971
Título es
CVE-2024-5971
Lun, 08/07/2024 – 21:15
Tipo
CWE-674
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2024-5971
Descripción en
A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.
08/07/2024
08/07/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Gravedad 3.1 (CVSS 3.1 Base Score)
7.50
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH
Referencias
Enviar en el boletín
Off
