Home > Vulnerability Database > CVE-2024-45687

Mend.io Vulnerability Database

CVE-2024-45687

Good to know:

Date: January 21, 2025

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in Payara Platform Payara Server (Grizzly, REST Management Interface modules), Payara Platform Payara Micro (Grizzly modules) allows Manipulating State, Identity Spoofing.This issue affects Payara Server: from 4.1.151 through 4.1.2.191.51, from 5.20.0 through 5.70.0, from 5.2020.2 through 5.2022.5, from 6.2022.1 through 6.2024.12, from 6.0.0 through 6.21.0; Payara Micro: from 4.1.152 through 4.1.2.191.51, from 5.20.0 through 5.70.0, from 5.2020.2 through 5.2022.5, from 6.2022.1 through 6.2024.12, from 6.0.0 through 6.21.0.

Severity Score

3.2

Related Resources (5)

Url: https://docs.payara.fish/community/docs/6.2025.1/Release%20Notes/Release%20Notes%206.2025.1.html

Url: https://docs.payara.fish/enterprise/docs/5.71.0/Release%20Notes/Release%20Notes%205.71.0.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-45687

Url: https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.22.0.html

Url: https://www.mend.io/vulnerability-database/CVE-2024-45687

Severity Score

3.2

Weakness Type (CWE)

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

CWE-113

Top Fix

Upgrade Version

Upgrade to version org.glassfish.grizzly:grizzly-http:no_fix

Learn More

CVSS v3.1

Base Score:	3.2
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-45687

Good to know:

Date: January 21, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?