CVE-2024-38809 | Severity.io

Description

Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers, e.g. through a Filter.

Related CPE's

Could not find any relations

References

https://spring.io/security/cve-2024-38809

https://security.netapp.com/advisory/ntap-20240920-0003/

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary

CWE-400

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.3 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Awaiting analysis

Published

2024-09-27T15:15:12.393Z

1 year ago

Last modified

2024-11-21T08:26:51.010Z

1 year ago