CVE-2024-45687

{"id": "CVE-2024-45687", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2024-45687", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-21T17:16:04.924874Z"}}], "cvssMetricV40": [{"type": "Secondary", "source": "769c9ae7-73c3-4e47-ae19-903170fc3eb8", "cvssData": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.4, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "affected": [{"source": "769c9ae7-73c3-4e47-ae19-903170fc3eb8", "affectedData": [{"vendor": "Payara Platform", "modules": ["Grizzly", "REST Management Interface"], "product": "Payara Server", "versions": [{"status": "affected", "version": "4.1.151", "versionType": "custom", "lessThanOrEqual": "4.1.2.191.51"}, {"status": "affected", "version": "5.20.0", "versionType": "semver", "lessThanOrEqual": "5.70.0"}, {"status": "affected", "version": "5.2020.2", "versionType": "semver", "lessThanOrEqual": "5.2022.5"}, {"status": "affected", "version": "6.2022.1", "versionType": "semver", "lessThanOrEqual": "6.2024.12"}, {"status": "affected", "version": "6.0.0", "versionType": "semver", "lessThanOrEqual": "6.21.0"}], "defaultStatus": "unaffected"}, {"vendor": "Payara Platform", "modules": ["Grizzly"], "product": "Payara Micro", "versions": [{"status": "affected", "version": "4.1.152", "versionType": "custom", "lessThanOrEqual": "4.1.2.191.51"}, {"status": "affected", "version": "5.20.0", "versionType": "semver", "lessThanOrEqual": "5.70.0"}, {"status": "affected", "version": "5.2020.2", "versionType": "semver", "lessThanOrEqual": "5.2022.5"}, {"status": "affected", "version": "6.2022.1", "versionType": "semver", "lessThanOrEqual": "6.2024.12"}, {"status": "affected", "version": "6.0.0", "versionType": "semver", "lessThanOrEqual": "6.21.0"}], "defaultStatus": "unaffected"}]}], "published": "2025-01-21T17:15:14.073", "references": [{"url": "https://docs.payara.fish/community/docs/6.2025.1/Release%20Notes/Release%20Notes%206.2025.1.html", "source": "769c9ae7-73c3-4e47-ae19-903170fc3eb8"}, {"url": "https://docs.payara.fish/enterprise/docs/5.71.0/Release%20Notes/Release%20Notes%205.71.0.html", "source": "769c9ae7-73c3-4e47-ae19-903170fc3eb8"}, {"url": "https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.22.0.html", "source": "769c9ae7-73c3-4e47-ae19-903170fc3eb8"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "769c9ae7-73c3-4e47-ae19-903170fc3eb8", "description": [{"lang": "en", "value": "CWE-113"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in Payara Platform Payara Server (Grizzly, REST Management Interface modules), Payara Platform Payara Micro (Grizzly modules) allows Manipulating State, Identity Spoofing.This issue affects Payara Server: from 4.1.151 through 4.1.2.191.51, from 5.20.0 through 5.70.0, from 5.2020.2 through 5.2022.5, from 6.2022.1 through 6.2024.12, from 6.0.0 through 6.21.0; Payara Micro: from 4.1.152 through 4.1.2.191.51, from 5.20.0 through 5.70.0, from 5.2020.2 through 5.2022.5, from 6.2022.1 through 6.2024.12, from 6.0.0 through 6.21.0."}, {"lang": "es", "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de secuencias CRLF en encabezados HTTP ('Divisi\u00f3n de solicitud/respuesta HTTP') en Payara Platform Payara Server (Grizzly, m\u00f3dulos de interfaz de administraci\u00f3n REST), Payara Platform Payara Micro (m\u00f3dulos Grizzly) permite manipular el estado y suplantar la identidad. Este problema afecta a Payara Server: desde la versi\u00f3n 4.1.151 hasta la 4.1.2.191.51, desde la versi\u00f3n 5.20.0 hasta la 5.70.0, desde la versi\u00f3n 5.2020.2 hasta la 5.2022.5, desde la versi\u00f3n 6.2022.1 hasta la 6.2024.12, desde la versi\u00f3n 6.0.0 hasta la 6.21.0; Payara Micro: de 4.1.152 a 4.1.2.191.51, de 5.20.0 a 5.70.0, de 5.2020.2 a 5.2022.5, de 6.2022.1 a 6.2024.12, de 6.0.0 a 6.21.0."}], "lastModified": "2026-06-17T07:54:39.500", "sourceIdentifier": "769c9ae7-73c3-4e47-ae19-903170fc3eb8"}