CVE-2024-24791
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.
- T
Tim Bastin detected CVE-2024-24791 with a risk of 2.6
System updated the risk assessment from 2.6 to 1.3
System recalculated raw risk assessment
- T
Tim Bastin fixed CVE-2024-24791
- T
Tim Bastin detected CVE-2024-24791 with a risk of 2.6
System updated the risk assessment from 2.6 to 1.3
System recalculated raw risk assessment
System updated the risk assessment from 1.3 to 2.6
System recalculated raw risk assessment
System removed scanner:
System removed scanner:
System removed scanner:
- T
Tim Bastin fixed CVE-2024-24791
System detected CVE-2024-24791 with a risk of 2.6
- T
Tim Bastin fixed CVE-2024-24791
System detected CVE-2024-24791 with a risk of 2.6
Add a comment
Affected component
stdlib