CVE-2024-1481

MEDIUM

Red Hat Enterprise Linux 8 - Denial of Service via Crafted HTTP Request Parameters

Title source: llm

Description

A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service.

References (6)

Core 6

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2024/03/msg00026.html

Mailing List, Third Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/FKTET3PAOMCHBXUUY37X556PVA3DFQES/

Issue Tracking issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2262169

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:2147

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:3044

Vendor Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2024-1481

Scores

CVSS v3 5.3

EPSS 0.0035

EPSS Percentile 57.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-20

Status published

Products (4)

Red Hat/Red Hat Enterprise Linux 7

Red Hat/Red Hat Enterprise Linux 8 8100020240307184541.6d180cd9

Red Hat/Red Hat Enterprise Linux 8 8100020240307185118.fc00487d

Red Hat/Red Hat Enterprise Linux 9 0:4.11.0-9.el9_4

Published Apr 10, 2024

Tracked Since Feb 18, 2026