Undertow DC-2023-4639: Incorrect Cookie Parsing Vulnerability

2024-11-19

Platform: Undertow

Version:

Affected: >= 2.3.0.Alpha1, < 2.3.11.Final

Affected: < 2.2.30.Final

Patched: 2.3.11.Final

Patched: 2.2.30.Final

Vulnerability: Incorrect Cookie Parsing

Severity: High

Date:

Published (NVD): Nov 17, 2024

Published (GitHub): Nov 17, 2024

Reviewed: Nov 18, 2024

Last Updated: Nov 18, 2024

What Undertow Says:

Undertow contains a vulnerability where it incorrectly parses cookies with specific delimiters in their values. This allows attackers to potentially steal sensitive data (HttpOnly cookies) or inject fake cookies. This vulnerability can lead to unauthorized access or modification of user data. Upgrading to Undertow versions 2.3.11.Final or 2.2.30.Final is recommended to address this issue.
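To check a build against the affected ranges listed above, the following added example (not code from Undertow or from this advisory) scans `mvn dependency:list` style output for Undertow artifacts. The sample lines are constructed. The `io.undertow:undertow-*` artifact pattern, the qualifier ordering (Alpha < Beta < CR < Final < SP), and the handling of a missing qualifier as Final are assumptions.

```python
import re

# Assumed qualifier ordering for Undertow-style versions (not stated in the advisory).
QUALIFIER_RANK = {"alpha": 0, "beta": 1, "cr": 2, "final": 3, "sp": 4}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.([A-Za-z]+)(\d*))?$")
# Assumed Maven coordinates: any io.undertow:undertow-* jar.
DEP_RE = re.compile(r"io\.undertow:(undertow-[\w-]+):jar:([^:\s]+)")

def parse_version(text):
    """Turn '2.3.10.Final' into a comparable tuple; raise ValueError otherwise."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    major, minor, micro, qual, qnum = m.groups()
    qual = (qual or "Final").lower()  # assumption: no qualifier means Final
    if qual not in QUALIFIER_RANK:
        raise ValueError(f"unknown qualifier in {text!r}")
    return (int(major), int(minor), int(micro), QUALIFIER_RANK[qual], int(qnum or 0))

FIRST_23 = parse_version("2.3.0.Alpha1")  # start of the affected 2.3 range
FIXED_23 = parse_version("2.3.11.Final")  # patched 2.3 release
FIXED_22 = parse_version("2.2.30.Final")  # patched 2.2 release

def is_affected(version):
    """True if the version falls in either affected range from the advisory."""
    v = parse_version(version)
    if v >= FIRST_23:
        return v < FIXED_23
    return v < FIXED_22

def scan_dependency_list(text):
    """Return (artifact, version, affected) tuples; affected is None when the
    version string cannot be parsed (e.g. a vendor rebuild) and needs manual review."""
    findings = []
    for artifact, version in DEP_RE.findall(text):
        try:
            affected = is_affected(version)
        except ValueError:
            affected = None
        findings.append((artifact, version, affected))
    return findings

# Constructed sample input, not taken from a real build.
SAMPLE_DEPENDENCY_LIST = """\
[INFO]    io.undertow:undertow-core:jar:2.3.10.Final:compile
[INFO]    io.undertow:undertow-servlet:jar:2.2.30.Final:compile
[INFO]    io.undertow:undertow-core:jar:2.2.28.SP1-redhat-00001:compile
"""

if __name__ == "__main__":
    for artifact, version, affected in scan_dependency_list(SAMPLE_DEPENDENCY_LIST):
        print(artifact, version, {True: "AFFECTED", False: "ok", None: "REVIEW"}[affected])
```

Vendor-suffixed versions are reported for manual review rather than classified, because such builds may carry backported fixes that the upstream ranges do not describe.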

References:

Reported By: Github.com
Undercode AI: https://ai.undercodetesting.com
