目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1336

100%

CVE-2024-3884— Red Hat Undertow 输入验证错误漏洞

CVSS 7.5 · High EPSS 1.26% · P66

可能的 ATT&CK 技术 1AI

T1499 · Endpoint Denial of Service

影响版本矩阵 70

厂商产品版本范围状态
Red HatOpenShift Serverless全部unknown
Red HatRed Hat build of Apache Camel - HawtIO 4全部unknown
Red HatRed Hat build of Apache Camel 4 for Quarkus 3全部unknown
Red HatRed Hat build of Apache Camel for Spring Boot 3全部unknown
Red HatRed Hat build of Apache Camel for Spring Boot 4全部unknown
Red HatRed Hat build of Apicurio Registry 2全部unknown
Red HatRed Hat Build of Keycloak全部unknown
Red HatRed Hat build of OptaPlanner 8全部unknown
Red HatRed Hat build of Quarkus全部unknown
全部unknown
Red HatRed Hat Data Grid 8全部unknown
Red HatRed Hat Fuse 7全部unknown
Red HatRed Hat Integration Camel K 1全部unknown
Red HatRed Hat Integration Camel Quarkus 2全部unknown
Red HatRed Hat JBoss Data Grid 7全部unknown
Red HatRed Hat JBoss Enterprise Application Platform2.2.39.Final-redhat-00001< *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7全部affected
Red HatRed Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 70:1.4.18-19.SP17_redhat_00001.1.ep7.el7< *unaffected
0:7.1.14-4.GA_redhat_00003.1.ep7.el7< *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 70:2.0.41-7.SP8_redhat_00001.1.el7eap< *unaffected
0:7.3.17-5.GA_redhat_00006.1.el7eap< *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 70:2.2.39-1.Final_redhat_00001.1.el7eap< *unaffected
0:7.4.24-4.GA_redhat_00002.1.el7eap< *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 80:2.2.39-1.Final_redhat_00001.1.el8eap< *unaffected
0:7.4.24-4.GA_redhat_00002.1.el8eap< *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 90:2.2.39-1.Final_redhat_00001.1.el9eap< *unaffected
0:7.4.24-4.GA_redhat_00002.1.el9eap< *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.0全部unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 80:1.83.0-1.redhat_00001.1.el8eap< *unaffected
0:33.0.0-2.jre_redhat_00003.1.el8eap< *unaffected
0:4.0.6-1.redhat_00001.1.el8eap< *unaffected
0:1.0.0-3.redhat_00009.1.el8eap< *unaffected
0:2.0.2-1.Final_redhat_00001.1.el8eap< *unaffected
0:2.3.23-1.SP3_redhat_00001.1.el8eap< *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 90:1.83.0-1.redhat_00001.1.el9eap< *unaffected
0:33.0.0-2.jre_redhat_00003.1.el9eap< *unaffected
0:4.0.6-1.redhat_00001.1.el9eap< *unaffected
0:1.0.0-3.redhat_00009.1.el9eap< *unaffected
0:2.0.2-1.Final_redhat_00001.1.el9eap< *unaffected
0:2.3.23-1.SP3_redhat_00001.1.el9eap< *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.1全部unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 80:4.0.10-1.redhat_00001.1.el8eap< *unaffected
0:1.82.0-1.redhat_00001.1.el8eap< *unaffected
0:801.3.0-1.GA_redhat_00001.1.el8eap< *unaffected
0:1.0.1-3.redhat_00003.1.el8eap< *unaffected
0:6.6.36-1.Final_redhat_00001.1.el8eap< *unaffected
0:4.0.2-1.Final_redhat_00001.1.el8eap< *unaffected
0:2.5.0-1.redhat_00001.1.el8eap< *unaffected
0:2.3.20-2.SP4_redhat_00001.1.el8eap< *unaffected
… +4 条更多
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 90:4.0.10-1.redhat_00001.1.el9eap< *unaffected
0:1.82.0-1.redhat_00001.1.el9eap< *unaffected
0:801.3.0-1.GA_redhat_00001.1.el9eap< *unaffected
0:1.0.1-3.redhat_00003.1.el9eap< *unaffected
0:6.6.36-1.Final_redhat_00001.1.el9eap< *unaffected
0:4.0.2-1.Final_redhat_00001.1.el9eap< *unaffected
0:2.5.0-1.redhat_00001.1.el9eap< *unaffected
0:2.3.20-2.SP4_redhat_00001.1.el9eap< *unaffected
… +4 条更多
Red HatRed Hat JBoss Enterprise Application Platform Expansion Pack全部unaffected
Red HatRed Hat JBoss Fuse Service Works 6全部unknown
Red HatRed Hat Process Automation 7全部unknown
Red HatRed Hat Single Sign-On 7全部unknown
Red Hatstreams for Apache Kafka全部unknown
获取后续新漏洞提醒登录后订阅

一、 漏洞 CVE-2024-3884 基础信息

漏洞信息

对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
Undertow: outofmemory when parsing form data encoding with application/x-www-form-urlencoded
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
输入验证不恰当
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Red Hat Undertow 输入验证错误漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Red Hat Undertow是美国红帽(Red Hat)公司的一款基于Java的嵌入式Web服务器,是Wildfly(Java应用服务器)默认的Web服务器。 Red Hat Undertow存在输入验证错误漏洞,该漏洞源于解析大型表单数据编码时会导致内存不足问题,可能导致远程拒绝服务攻击。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD

受影响产品

厂商产品影响版本CPE订阅
Red HatRed Hat JBoss Enterprise Application Platform 2.2.39.Final-redhat-00001 ~ * cpe:/a:redhat:jboss_enterprise_application_platform:7.4
Red HatRed Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 0:1.4.18-19.SP17_redhat_00001.1.ep7.el7 ~ * cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
Red HatRed Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 0:7.1.14-4.GA_redhat_00003.1.ep7.el7 ~ * cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
Red HatRed Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 0:2.0.41-7.SP8_redhat_00001.1.el7eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red HatRed Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 0:7.3.17-5.GA_redhat_00006.1.el7eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red HatRed Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7 0:2.2.39-1.Final_redhat_00001.1.el7eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
Red HatRed Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7 0:7.4.24-4.GA_redhat_00002.1.el7eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
Red HatRed Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8 0:2.2.39-1.Final_redhat_00001.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
Red HatRed Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8 0:7.4.24-4.GA_redhat_00002.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
Red HatRed Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9 0:2.2.39-1.Final_redhat_00001.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
Red HatRed Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9 0:7.4.24-4.GA_redhat_00002.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.0-cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 0:1.83.0-1.redhat_00001.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 0:33.0.0-2.jre_redhat_00003.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 0:4.0.6-1.redhat_00001.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 0:1.0.0-3.redhat_00009.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 0:2.0.2-1.Final_redhat_00001.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 0:2.3.23-1.SP3_redhat_00001.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 0:1.83.0-1.redhat_00001.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 0:33.0.0-2.jre_redhat_00003.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 0:4.0.6-1.redhat_00001.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 0:1.0.0-3.redhat_00009.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 0:2.0.2-1.Final_redhat_00001.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 0:2.3.23-1.SP3_redhat_00001.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.1-cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 0:4.0.10-1.redhat_00001.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 0:1.82.0-1.redhat_00001.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 0:801.3.0-1.GA_redhat_00001.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 0:1.0.1-3.redhat_00003.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 0:6.6.36-1.Final_redhat_00001.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 0:4.0.2-1.Final_redhat_00001.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 0:2.5.0-1.redhat_00001.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 0:2.3.20-2.SP4_redhat_00001.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 0:8.1.3-4.GA_redhat_00006.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 0:5.0.12-1.Final_redhat_00001.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 0:2.6.6-1.Final_redhat_00001.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 0:8.1.1-4.GA_redhat_00007.1.el8eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 0:4.0.10-1.redhat_00001.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 0:1.82.0-1.redhat_00001.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 0:801.3.0-1.GA_redhat_00001.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 0:1.0.1-3.redhat_00003.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 0:6.6.36-1.Final_redhat_00001.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 0:4.0.2-1.Final_redhat_00001.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 0:2.5.0-1.redhat_00001.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 0:2.3.20-2.SP4_redhat_00001.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 0:8.1.3-4.GA_redhat_00006.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 0:5.0.12-1.Final_redhat_00001.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 0:2.6.6-1.Final_redhat_00001.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 0:8.1.1-4.GA_redhat_00007.1.el9eap ~ * cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
Red HatOpenShift Serverless-cpe:/a:redhat:serverless:1
Red HatRed Hat build of Apache Camel 4 for Quarkus 3-cpe:/a:redhat:camel_quarkus:3
Red HatRed Hat build of Apache Camel for Spring Boot 3-cpe:/a:redhat:camel_spring_boot:3
Red HatRed Hat build of Apache Camel for Spring Boot 4-cpe:/a:redhat:camel_spring_boot:4
Red HatRed Hat build of Apache Camel - HawtIO 4-cpe:/a:redhat:apache_camel_hawtio:4
Red HatRed Hat build of Apicurio Registry 2-cpe:/a:redhat:service_registry:2
Red HatRed Hat Build of Keycloak-cpe:/a:redhat:build_keycloak:
Red HatRed Hat build of OptaPlanner 8-cpe:/a:redhat:optaplanner:::el6
Red HatRed Hat build of Quarkus-cpe:/a:redhat:quarkus:2
Red HatRed Hat build of Quarkus-cpe:/a:redhat:quarkus:3
Red HatRed Hat Data Grid 8-cpe:/a:redhat:jboss_data_grid:8
Red HatRed Hat Fuse 7-cpe:/a:redhat:jboss_fuse:7
Red HatRed Hat Integration Camel K 1-cpe:/a:redhat:integration:1
Red HatRed Hat Integration Camel Quarkus 2-cpe:/a:redhat:camel_quarkus:2
Red HatRed Hat JBoss Data Grid 7-cpe:/a:redhat:jboss_data_grid:7
Red HatRed Hat JBoss Enterprise Application Platform 7-cpe:/a:redhat:jboss_enterprise_application_platform:7
Red HatRed Hat JBoss Enterprise Application Platform Expansion Pack-cpe:/a:redhat:jbosseapxp
Red HatRed Hat JBoss Fuse Service Works 6-cpe:/a:redhat:jboss_fuse_service_works:6
Red HatRed Hat Process Automation 7-cpe:/a:redhat:jboss_enterprise_bpms_platform:7
Red HatRed Hat Single Sign-On 7-cpe:/a:redhat:red_hat_single_sign_on:7
Red Hatstreams for Apache Kafka-cpe:/a:redhat:amq_streams:1

二、漏洞 CVE-2024-3884 的公开POC

#POC 描述源链接神龙链接
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2024-3884 的情报信息

登录查看更多情报信息。

CVE-2024-3884 厂商安全公告 (16)

IV. Related Vulnerabilities

V. Comments for CVE-2024-3884

暂无评论


发表评论