CVE-2024-12397
HIGH
7,4
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: none
Description
AI Translation Available
A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with
certain value-delimiting characters in incoming requests. This issue could
allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie
values or spoof arbitrary additional cookie values, leading to unauthorized
data access or modification. The main threat from this flaw impacts data
confidentiality and integrity.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0040
Percentile
0,6th
Updated
EPSS Score Trend (Last 90 Days)
444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
IncompleteCommon Consequences
Security Scopes Affected:
Integrity
Non-Repudiation
Access Control
Potential Impacts:
Unexpected State
Hide Activities
Bypass Protection Mechanism
Applicable Platforms
Technologies:
Web Based, Web Server
https://access.redhat.com/errata/RHSA-2025:0900
https://access.redhat.com/errata/RHSA-2025:3018
https://access.redhat.com/errata/RHSA-2025:8761
https://access.redhat.com/security/cve/CVE-2024-12397
https://bugzilla.redhat.com/show_bug.cgi?id=2331298