CVE-2024-53990

Published Dec 2, 2024

Last updated 3 months ago

CVSS critical 9.2

Overview

Description
The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore (aka cookie jar) will silently replace explicitly defined Cookies with any that have the same name from the cookie jar. For services that operate with multiple users, this can result in one user's Cookie being used for another user's requests.
Source
security-advisories@github.com
NVD status
Received

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.2
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

Weaknesses

security-advisories@github.com
CWE-287

Social media

Hype score
Not currently trending

  1. A critical vulnerability (CVE-2024-53990) in AsyncHttpClient endangers Java applications by mishandling cookies, risking unauthorized access. Upgrade to version 3.0.1 to mitigate risks. #AsyncHttpClient #JavaSecurity #CookieVulnerability #CybersecurityNe… https://t.co/GIZ5Hpkr25

    @TweetThreatNews

    8 Dec 2024

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Threat Alert: CVE-2024-53990 (CVSS 9.2): AsyncHttpClient Vulnerability Puts Java Applications CVE-2024-53990 Severity: ⚠️ Critical Maturity: 💢 Emerging Learn more: https://t.co/rNnyLzAaab #CyberSecurity #ThreatIntel #InfoSec

    @fletch_ai

    7 Dec 2024

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Warning: Improper authentication vulnerability in #AsyncHttpClient (ACH) library. #CVE-2024-53990 CVSS: 9.2. Can result in cookie hijacking in multi-user services. More info: https://t.co/DbKszszefZ. If you use this library upstream, #Patch #Patch #Patch

    @CCBalert

    3 Dec 2024

    45 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2024-53990 The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, th… https://t.co/VIDgQWnpmt

    @CVEnew

    2 Dec 2024

    259 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References