Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

N/A

Source -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
1Vulnerabilities found
CVE-2024-12397
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.4||HIGH
EPSS-0.32% / 54.65%
||
7 Day CHG~0.00%
Published-12 Dec, 2024 | 09:05
Updated-04 Aug, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Io.quarkus.http/quarkus-http-core: quarkus http cookie smuggling

A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat JBoss Enterprise Application Platform Expansion PackHawtIO HawtIO 4.2.0Red Hat build of OptaPlanner 8Red Hat Process Automation 7Red Hat build of Quarkus 3.15.3streams for Apache KafkaRed Hat build of Apache Camel 4 for Quarkus 3Red Hat JBoss Enterprise Application Platform 8Red Hat Build of KeycloakCryostat 4 on RHEL 9Red Hat build of Apicurio Registry 2Cryostat 3Red Hat Fuse 7Red Hat Integration Camel K 1
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')