- Description
- A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.
- Source
- secalert@redhat.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.4
- Impact score
- 5.2
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- HIGH
- secalert@redhat.com
- CWE-444
- Hype score
- Not currently trending
CVE-2023-4639 Cookie Parsing Vulnerability in Undertow Threatens Data Confidentiality and Integrity There is a problem in Undertow. It does not handle cookies correctly when requests have certain characters in th... https://t.co/GISW9bXhZI
@VulmonFeeds
17 Nov 2024
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2023-4639 A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to cons… https://t.co/Ah8y6dhFq1
@CVEnew
17 Nov 2024
596 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes