CVE-2024-12397
CVSS V2 None
CVSS V3 None
Description
A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with
certain value-delimiting characters in incoming requests. This issue could
allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie
values or spoof arbitrary additional cookie values, leading to unauthorized
data access or modification. The main threat from this flaw impacts data
confidentiality and integrity.
Overview
- CVE ID
- CVE-2024-12397
- Assigner
- redhat
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-12-12T09:05:28.451Z
- Last Modified Date
- 2024-12-12T15:45:08.143Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2024-12397 | vdb-entry x_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331298 | issue-tracking x_refsource_REDHAT |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-12397 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12397 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-12-13 13:27:38 | Added to TrackCVE |