CVE-2023-4639

HIGH

Undertow - SSRF

Title source: llm

Description

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.

References (10)

[Vendor Advisory] https://security.netapp.com/advisory/ntap-20250207-0001/

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=2166022

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2024:1674

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2024:1675

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2024:1676

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2024:1677

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2024:2763

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2024:2764

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2024:3919

[Vendor Advisory] https://access.redhat.com/security/cve/CVE-2023-4639

Scores

CVSS v3 7.4

EPSS 0.0736

EPSS Percentile 91.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-444

Status published

Products (28)

io.undertow/undertow-core 2.3.0.Alpha1 - 2.3.11.FinalMaven

Red Hat/Migration Toolkit for Applications 6

Red Hat/Migration Toolkit for Runtimes 1 on RHEL 8 1.2-14

Red Hat/Migration Toolkit for Runtimes 1 on RHEL 8 1.2-15

Red Hat/Migration Toolkit for Runtimes 1 on RHEL 8 1.2-16

Red Hat/Migration Toolkit for Runtimes 1 on RHEL 8 1.2-23

Red Hat/Red Hat build of Apache Camel for Spring Boot 3

Red Hat/Red Hat build of Apicurio Registry

Red Hat/Red Hat build of Quarkus

Red Hat/Red Hat Data Grid 8

... and 18 more

Published Nov 17, 2024

Tracked Since Feb 18, 2026