Cookies vulnerability could lead to unauthorized data access or modification

CVE-2024-12397

7.4HIGH

Key Information

Vendor: Red Hat
Status: Cryostat 3; Red Hat Build Of Apache Camel For Quarkus; Red Hat Build Of Apache Camel - Hawtio; Red Hat Build Of Apicurio Registry
Vendor: CVE Published:; 12 December 2024

Summary

A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.

Refferences

https://access.redhat.com/security/cve/CVE-2024-12397

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2331298

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Dec 12, 2024
Vulnerability Reserved.
Dec 10, 2024

Collectors

NVD DatabaseMitre Database