CVE-2024-45397

{"id": "CVE-2024-45397", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2024-10-11T15:15:04.690", "references": [{"url": "https://github.com/h2o/h2o/commit/15ed15a2efb83a77bb4baaa5a119e639c2f6898a", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/h2o/h2o/security/advisories/GHSA-jf2c-xjcp-wg4c", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://h2o.examp1e.net/configure/http3_directives.html", "tags": ["Product"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-290"}]}, {"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by packets with a spoofed source address. This behavior allows attackers on the network to execute HTTP requests from addresses that are otherwise rejected by the address-based access control. The vulnerability has been addressed in commit 15ed15a. Users may disable the use of TCP FastOpen and QUIC to mitigate the issue."}, {"lang": "es", "value": "h2o es un servidor HTTP compatible con HTTP/1.x, HTTP/2 y HTTP/3. Cuando se recibe una solicitud HTTP que utiliza datos tempranos TLS/1.3 sobre paquetes TCP Fast Open o QUIC 0-RTT y se utiliza el control de acceso basado en direcciones IP, el control de acceso no detecta ni proh\u00edbe las solicitudes HTTP transmitidas por paquetes con una direcci\u00f3n de origen falsificada. Este comportamiento permite a los atacantes de la red ejecutar solicitudes HTTP desde direcciones que, de otro modo, ser\u00edan rechazadas por el control de acceso basado en direcciones. La vulnerabilidad se ha abordado en el commit 15ed15a. Los usuarios pueden desactivar el uso de TCP FastOpen y QUIC para mitigar el problema."}], "lastModified": "2024-11-12T20:14:25.083", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7760480-4001-4F10-B91B-CF59236F1427", "versionEndExcluding": "2024-10-10"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}