DNA View

CVE-2024-38809

Medium

Low Medium High Critical

5.3

CVSS Score

Published: Sep 27, 2024

Last Modified: Nov 21, 2024

CWE: CWE-400

Vulnerability Description

Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack.

Users of affected versions should upgrade to the corresponding fixed version.

Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers, e.g. through a Filter.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Available Security Patches

1 patch available from vendors

View All Patches

Oracle

CPUJAN2025

Oracle Critical Patch Update Advisory - January 2025

Severity

Critical

Released

Jan 21, 2025

Restart Required

Security Update

View Details Vendor Page

Browse All Security Patches

References & Resources

Severity Details

5.3

out of 10.0

Medium

Weakness Type (CWE)

CWE-400

Uncontrolled Resource Consumption

Description: The product does not properly control the allocation and maintenance of a limited resource.
Exploit Likelihood: High
Typical Severity: High
Abstraction Level: Class