CVE-2024-3653

Undertow: learningpushhandler can lead to remote memory dos attacks

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request.

Se encontró una vulnerabilidad en Undertow. Este problema requiere habilitar el controlador de aprendizaje-push en la configuración del servidor, que está deshabilitado de forma predeterminada, dejando la configuración maxAge en el controlador sin configurar. El valor predeterminado es -1, lo que hace que el controlador sea vulnerable. Si alguien sobrescribe esa configuración, el servidor no está sujeto al ataque. El atacante debe poder llegar al servidor con una solicitud HTTP normal.

*Credits: Red Hat would like to thank Keke Lian, Haoran Zhao, and Yongheng Liu (Secsys Lab of Fudan University) for reporting this issue.

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-04-11 CVE Reserved
2024-07-08 CVE Published
2024-08-13 EPSS Updated
2025-01-09 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-401: Missing Release of Memory after Effective Lifetime

CAPEC

References (8)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2024:4392	2024-07-09
https://access.redhat.com/security/cve/CVE-2024-3653	2024-07-09
https://bugzilla.redhat.com/show_bug.cgi?id=2274437	2024-07-09
https://access.redhat.com/errata/RHSA-2024:5143	2025-01-09
https://access.redhat.com/errata/RHSA-2024:5144	2025-01-09
https://access.redhat.com/errata/RHSA-2024:5145	2025-01-09
https://access.redhat.com/errata/RHSA-2024:5147	2025-01-09
https://access.redhat.com/errata/RHSA-2024:6437	2025-01-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"		Amq Streams Search vendor "Redhat" for product "Amq Streams"				*		-		Affected
Redhat Search vendor "Redhat"		Build Keycloak Search vendor "Redhat" for product "Build Keycloak"				*		-		Affected
Redhat Search vendor "Redhat"		Build Of Optaplanner Search vendor "Redhat" for product "Build Of Optaplanner"				*		-		Affected
Redhat Search vendor "Redhat"		Build Of Quarkus Search vendor "Redhat" for product "Build Of Quarkus"				*		-		Affected
Redhat Search vendor "Redhat"		Camel Quarkus Search vendor "Redhat" for product "Camel Quarkus"				*		-		Affected
Redhat Search vendor "Redhat"		Camel Spring Boot Search vendor "Redhat" for product "Camel Spring Boot"				*		-		Affected
Redhat Search vendor "Redhat"		Data Grid Search vendor "Redhat" for product "Data Grid"				*		-		Affected
Redhat Search vendor "Redhat"		Integration Search vendor "Redhat" for product "Integration"				*		-		Affected
Redhat Search vendor "Redhat"		Integration Camel K Search vendor "Redhat" for product "Integration Camel K"				*		-		Affected
Redhat Search vendor "Redhat"		Integration Camel Quarkus Search vendor "Redhat" for product "Integration Camel Quarkus"				*		-		Affected
Redhat Search vendor "Redhat"		Jboss Data Grid Search vendor "Redhat" for product "Jboss Data Grid"				*		-		Affected
Redhat Search vendor "Redhat"		Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform"				*		-		Affected
Redhat Search vendor "Redhat"		Jboss Enterprise Bpms Platform Search vendor "Redhat" for product "Jboss Enterprise Bpms Platform"				*		-		Affected
Redhat Search vendor "Redhat"		Jboss Fuse Search vendor "Redhat" for product "Jboss Fuse"				*		-		Affected
Redhat Search vendor "Redhat"		Jboss Fuse Service Works Search vendor "Redhat" for product "Jboss Fuse Service Works"				*		-		Affected
Redhat Search vendor "Redhat"		Jbosseapxp Search vendor "Redhat" for product "Jbosseapxp"				*		-		Affected
Redhat Search vendor "Redhat"		Keycloak Search vendor "Redhat" for product "Keycloak"				*		-		Affected
Redhat Search vendor "Redhat"		Optaplanner Search vendor "Redhat" for product "Optaplanner"				*		-		Affected
Redhat Search vendor "Redhat"		Process Automation Search vendor "Redhat" for product "Process Automation"				*		-		Affected
Redhat Search vendor "Redhat"		Quarkus Search vendor "Redhat" for product "Quarkus"				*		-		Affected
Redhat Search vendor "Redhat"		Red Hat Single Sign On Search vendor "Redhat" for product "Red Hat Single Sign On"				*		-		Affected
Redhat Search vendor "Redhat"		Rhboac Hawtio Search vendor "Redhat" for product "Rhboac Hawtio"				*		-		Affected
Redhat Search vendor "Redhat"		Serverless Search vendor "Redhat" for product "Serverless"				*		-		Affected
Redhat Search vendor "Redhat"		Service Registry Search vendor "Redhat" for product "Service Registry"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				*		-		Affected
Redhat Search vendor "Redhat"		Openshift Search vendor "Redhat" for product "Openshift"				*		-		Affected