How severe is CVE-2024-3653?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-3653?

This is classified as CWE-401, which is a common weakness in software security.

CVE-2024-3653

MEDIUM Year: 2024

CVSS v3 Score

5.3

Medium

Weakness Type

CWE-401

View all →

Vulnerability Description

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request.

CVE-2019-12265

MEDIUM

CVSS:5.3(Medium)

Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership ...

CWE-4012019

CVE-2019-4141

MEDIUM

CVSS:5.3(Medium)

IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clus...

CWE-4012019

CVE-2019-6647

MEDIUM

CVSS:5.3(Medium)

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, when processing authentication attempts for control-plane users MCPD leaks a small amount of memory. Under ra...

CWE-4012019