Cookies vulnerability could lead to unauthorized data access or modification
CVE-2024-12397

7.4HIGH

Key Information:

Vendor: Red Hat
Status: Cryostat 3; Red Hat Build Of Apache Camel For Quarkus; Red Hat Build Of Apache Camel - Hawtio; Red Hat Build Of Apicurio Registry
Vendor: CVE Published:; 12 December 2024

Summary

A vulnerability in Quarkus-HTTP has been identified, where improper parsing of cookies occurs due to certain value-delimiting characters in HTTP requests. This issue enables attackers to create specially crafted cookie values that could facilitate the exfiltration of HttpOnly cookie values or allow the spoofing of arbitrary additional cookie values. These actions may lead to unauthorized access or alterations of sensitive data, significantly affecting the confidentiality and integrity of the data being handled.

References

https://access.redhat.com/security/cve/CVE-2024-12397

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2331298

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 12, 2024
Vulnerability Reserved
Dec 10, 2024