CVE-2024-45687
Published: Jan 21, 2025
Modified: Feb 12, 2025
Description
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in Payara Platform Payara Server (Grizzly, REST Management Interface modules), Payara Platform Payara Micro (Grizzly modules) allows Manipulating State, Identity Spoofing.This issue affects Payara Server: from 4.1.151 through 4.1.2.191.51, from 5.20.0 through 5.70.0, from 5.2020.2 through 5.2022.5, from 6.2022.1 through 6.2024.12, from 6.0.0 through 6.21.0; Payara Micro: from 4.1.152 through 4.1.2.191.51, from 5.20.0 through 5.70.0, from 5.2020.2 through 5.2022.5, from 6.2022.1 through 6.2024.12, from 6.0.0 through 6.21.0.
| Vendor | Product | Versions |
|---|---|---|
Payara Platform | Payara Server | affected 4.1.151 - <= 4.1.2.191.51affected 5.20.0 - <= 5.70.0affected 5.2020.2 - <= 5.2022.5affected 6.2022.1 - <= 6.2024.12affected 6.0.0 - <= 6.21.0 |
Payara Platform | Payara Micro | affected 4.1.152 - <= 4.1.2.191.51affected 5.20.0 - <= 5.70.0affected 5.2020.2 - <= 5.2022.5affected 6.2022.1 - <= 6.2024.12affected 6.0.0 - <= 6.21.0 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now