PT-2023-9531 · Undertow

Pedro Sampaio · Published 2023-11-09 · Updated 2026-02-25 · CVE-2024-6162

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Undertow (affected versions not specified)

Description: The ajp-listener component of Undertow decodes request path information incorrectly, which leads to uncontrolled resource consumption. The same buffer is used to decode the paths of multiple requests that are processed simultaneously, so one request's path information can be mixed with another's. The server may then attempt to access the wrong path, producing errors such as "404 Not Found" or other application failures. Because legitimate resources become inaccessible as a result of this path mix-up, the flaw can lead to a denial of service.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS · Race Condition · Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2024-08258
CVE-2024-6162
GHSA-9442-GM4V-R222

Affected Products

Undertow