Overview
- Description
- A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.
- Source
- secalert@redhat.com
- NVD status
- Received
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.4
- Impact score
- 5.2
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- HIGH
Weaknesses
- secalert@redhat.com
- CWE-444
Social media
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
CVE-2023-4639 Cookie Parsing Vulnerability in Undertow Threatens Data Confidentiality and Integrity There is a problem in Undertow. It does not handle cookies correctly when requests have certain characters in th... https://t.co/GISW9bXhZI
@VulmonFeeds
17 Nov 2024
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2023-4639 A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to cons… https://t.co/Ah8y6dhFq1
@CVEnew
17 Nov 2024
470 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes