CVE-2024-5971

7.5 HIGH
Published: July 08, 2024 Modified: April 15, 2026
View on NVD

Description

A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:4392
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:4884
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:5143
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:5144
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:5145
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:5147
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:6508
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:6883
Source: secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2024-5971
Source: secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2292211
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:4392
Source: af854a3a-2127-422b-91ae-364da2661108
https://access.redhat.com/errata/RHSA-2024:4884
Source: af854a3a-2127-422b-91ae-364da2661108
https://access.redhat.com/security/cve/CVE-2024-5971
Source: af854a3a-2127-422b-91ae-364da2661108
https://bugzilla.redhat.com/show_bug.cgi?id=2292211
Source: af854a3a-2127-422b-91ae-364da2661108
https://security.netapp.com/advisory/ntap-20240828-0001/
Source: af854a3a-2127-422b-91ae-364da2661108

15 reference(s) from NVD

Quick Stats

CVSS v3 Score
7.5 / 10.0
EPSS (Exploit Probability)
3.7%
88th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-674

Related CVEs

CVE-2026-40962 4.9
CVE-2026-40505 3.3
CVE-2026-40504 9.8
CVE-2026-3299 6.4
CVE-2026-40960 8.1