CVE-2024-1726

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-1726

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

A

flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any POST, PUT, or PATCH request paths, they can potentially identify vulnerable endpoints and trigger excessive resource usage as the endpoints process the requests. This can result in a denial of service.

References
Link Resource
https://access.redhat.com/errata/RHSA-2024:1662
https://access.redhat.com/security/cve/CVE-2024-1726
https://bugzilla.redhat.com/show_bug.cgi?id=2265158
https://access.redhat.com/errata/RHSA-2024:1662
https://access.redhat.com/security/cve/CVE-2024-1726
https://bugzilla.redhat.com/show_bug.cgi?id=2265158
Configurations

No configuration.

History

21 Nov 2024, 08:51

Type Values Removed Values Added
Summary
  • (es) Se descubrió una falla en la implementación RESTEasy Reactive en Quarkus. Debido a que se realizan comprobaciones de seguridad para algunos endpoints JAX-RS después de la serialización, se consumen más recursos de procesamiento mientras se verifica la solicitud HTTP. En determinadas configuraciones, si un atacante tiene conocimiento de las rutas de solicitud POST, PUT o PATCH, puede identificar endpoints vulnerables y desencadenar un uso excesivo de recursos a medida que los endpoints procesan las solicitudes. Esto puede resultar en una denegación de servicio.
References () https://access.redhat.com/errata/RHSA-2024:1662 - () https://access.redhat.com/errata/RHSA-2024:1662 -
References () https://access.redhat.com/security/cve/CVE-2024-1726 - () https://access.redhat.com/security/cve/CVE-2024-1726 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=2265158 - () https://bugzilla.redhat.com/show_bug.cgi?id=2265158 -

25 Apr 2024, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-25 17:15

Updated : 2024-11-21 08:51

NVD link : CVE-2024-1726

Mitre link : CVE-2024-1726

CVE.ORG link : CVE-2024-1726

JSON object : View

Products Affected

No product.

CWE
CWE-281

Improper Preservation of Permissions