CVE-2024-3653 – A vulnerability was found in Undertow. This issue

CVE ID : CVE-2024-3653

Published : July 8, 2024, 10:15 p.m.

Description : A vulnerability was found in Undertow. Exploitation requires that the learning-push handler, which is disabled by default, is enabled in the server's config and that the handler's maxAge config is left unconfigured. The default maxAge is -1, which makes the handler vulnerable. If that config is overridden, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…