CVE-2024-5971
Undertow: response write hangs in case of java 17 tlsv1.3 newsessionticket
CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.
| CWE | CWE-674 |
| Published | Jul 8, 2024 |
| Last Updated | Nov 7, 2025 |
Stay Ahead of the Next One
Get instant alerts for
Be the first to know when new high vulnerabilities are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected Versions
Red Hat / Red Hat build of Apache Camel 3.20.7 for Spring Boot
All versions affected Red Hat / Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2
All versions affected Red Hat / Red Hat build of Apache Camel 4.4.2 for Spring Boot
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8
All versions affected Red Hat / Red Hat build of Apache Camel for Spring Boot 3
All versions affected Red Hat / Red Hat build of Apache Camel - HawtIO 4
All versions affected Red Hat / Red Hat Build of Keycloak
All versions affected Red Hat / Red Hat build of Quarkus
All versions affected Red Hat / Red Hat Data Grid 8
All versions affected Red Hat / Red Hat Fuse 7
All versions affected Red Hat / Red Hat Integration Camel K 1
All versions affected Red Hat / Red Hat JBoss Data Grid 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform Expansion Pack
All versions affected Red Hat / Red Hat Process Automation 7
All versions affected Red Hat / Red Hat Single Sign-On 7
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:4392 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:4884 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:5143 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:5144 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:5145 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:5147 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:6508 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:6883 access.redhat.com: https://access.redhat.com/security/cve/CVE-2024-5971 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2292211 security.netapp.com: https://security.netapp.com/advisory/ntap-20240828-0001/