Bug 2166022 (CVE-2023-4639) - CVE-2023-4639 undertow: Cookie Smuggling/Spoofing
Summary: CVE-2023-4639 undertow: Cookie Smuggling/Spoofing
Keywords:
Status: NEW
Alias: CVE-2023-4639
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2166023
Reported: 2023-01-31 17:54 UTC by Pedro Sampaio
Modified: 2025-01-02 08:27 UTC
CC List: 81 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2024:1674 | 0 | None | None | None | 2024-04-04 15:21:07 UTC
Red Hat Product Errata | RHSA-2024:1675 | 0 | None | None | None | 2024-04-04 15:20:38 UTC
Red Hat Product Errata | RHSA-2024:1676 | 0 | None | None | None | 2024-04-04 15:20:01 UTC
Red Hat Product Errata | RHSA-2024:1677 | 0 | None | None | None | 2024-04-04 15:22:55 UTC
Red Hat Product Errata | RHSA-2024:2763 | 0 | None | None | None | 2024-05-08 14:17:17 UTC
Red Hat Product Errata | RHSA-2024:2764 | 0 | None | None | None | 2024-05-08 14:21:34 UTC
Red Hat Product Errata | RHSA-2024:3919 | 0 | None | None | None | 2024-06-13 11:38:29 UTC

Description Pedro Sampaio 2023-01-31 17:54:54 UTC
Problems with Undertow cookie parsing may lead to smuggling or spoofing of cookies in certain conditions.

Comment 2 Patrick Del Bello 2023-05-05 18:15:24 UTC
*** Bug 2166023 has been marked as a duplicate of this bug. ***

Comment 13 errata-xmlrpc 2024-04-04 15:19:57 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Via RHSA-2024:1676 https://access.redhat.com/errata/RHSA-2024:1676

Comment 14 errata-xmlrpc 2024-04-04 15:20:34 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Via RHSA-2024:1675 https://access.redhat.com/errata/RHSA-2024:1675

Comment 15 errata-xmlrpc 2024-04-04 15:21:03 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7

Via RHSA-2024:1674 https://access.redhat.com/errata/RHSA-2024:1674

Comment 16 errata-xmlrpc 2024-04-04 15:22:51 UTC
This issue has been addressed in the following products:

  EAP 7.4.16

Via RHSA-2024:1677 https://access.redhat.com/errata/RHSA-2024:1677

Comment 19 errata-xmlrpc 2024-05-08 14:17:12 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2024:2763 https://access.redhat.com/errata/RHSA-2024:2763

Comment 20 errata-xmlrpc 2024-05-08 14:21:31 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
  Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9

Via RHSA-2024:2764 https://access.redhat.com/errata/RHSA-2024:2764

Comment 21 errata-xmlrpc 2024-06-13 11:38:24 UTC
This issue has been addressed in the following products:

  Migration Toolkit for Runtimes 1 on RHEL 8

Via RHSA-2024:3919 https://access.redhat.com/errata/RHSA-2024:3919

