CVE-2024-12397
📋 TL;DR
A parsing vulnerability in Quarkus-HTTP allows attackers to manipulate cookie values containing specific delimiter characters. This can lead to exfiltration of HttpOnly cookies or injection of arbitrary cookie values, potentially enabling unauthorized data access or modification. Organizations using affected Quarkus versions are impacted.
💻 Affected Systems
- Quarkus
- Red Hat build of Quarkus
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal session tokens or authentication cookies, leading to complete account takeover, data theft, and unauthorized system modifications.
Likely Case
Session hijacking or privilege escalation through cookie manipulation, potentially compromising user accounts and sensitive data.
If Mitigated
Limited impact with proper network segmentation, WAF rules, and monitoring, though risk remains until patching.
🎯 Exploit Status
Exploitation requires sending specially crafted HTTP requests with malicious cookie values. No public exploit code identified in provided references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check specific Red Hat advisories for patched versions
Vendor Advisory: https://access.redhat.com/security/cve/CVE-2024-12397
Restart Required: Yes
Instructions:
1. Review Red Hat advisories RHSA-2025:0900, RHSA-2025:3018, RHSA-2025:8761 for applicable patches.
2. Update Quarkus to the patched version specified in the advisory.
3. Restart the Quarkus application to apply the fix.
🔧 Temporary Workarounds
Web Application Firewall (WAF) Rule
Block or sanitize HTTP requests containing suspicious cookie delimiter characters
Input Validation Filter
Implement custom request filtering to reject or sanitize cookies with problematic characters
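An added example of such a filter, not code from the page or from Quarkus: it checks each pair in a raw Cookie header against the RFC 6265 cookie-octet grammar (which excludes control characters, space, double quote, comma, semicolon and backslash from cookie values) and reports any pair that falls outside it, so a reverse proxy or request filter can reject the request before a lenient parser sees it. The sample headers are constructed for illustration.

```python
import re
from typing import List, Tuple

# RFC 6265 cookie-octet: %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
# (printable US-ASCII minus CTLs, SP, DQUOTE, comma, semicolon, backslash).
_COOKIE_OCTET = re.compile(r'^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*$')
# Cookie names must be RFC 2616 tokens.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def check_cookie_header(header: str) -> List[Tuple[str, str]]:
    """Return (cookie-name, reason) findings for a raw Cookie header value.
    An empty list means every pair is strictly RFC 6265 conformant."""
    findings: List[Tuple[str, str]] = []
    # RFC 6265 separates cookie pairs with exactly "; "; anything else
    # (a bare ";" or a ",") stays inside the value and is flagged below.
    for pair in header.split("; "):
        name, sep, value = pair.partition("=")
        if not sep:
            findings.append((pair, "missing '='"))
            continue
        if not _TOKEN.match(name):
            findings.append((name, "name is not a token"))
        # Quoted form is DQUOTE *cookie-octet DQUOTE; strip only a matched pair.
        quoted = len(value) >= 2 and value[0] == '"' and value[-1] == '"'
        inner = value[1:-1] if quoted else value
        if not _COOKIE_OCTET.match(inner):
            bad = sorted({c for c in inner if not _COOKIE_OCTET.match(c)})
            findings.append((name, f"value contains non-cookie-octet chars {bad!r}"))
    return findings


def should_block(header: str) -> bool:
    """Filter decision: reject the request if any pair is non-conformant."""
    return bool(check_cookie_header(header))


if __name__ == "__main__":
    # Constructed sample Cookie headers (not from any real traffic).
    samples = [
        "JSESSIONID=abc123; theme=dark",      # clean
        'JSESSIONID="abc123"',                # quoted form, still clean
        'token=a"b; theme=dark',              # stray DQUOTE inside a value
        "id=1,admin=true",                    # comma smuggles a second pair
        "id=1;admin=true",                    # bare ';' instead of '; '
    ]
    for s in samples:
        print(f"{'BLOCK ' if should_block(s) else 'ALLOW '}{s!r} {check_cookie_header(s)}")
```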
🧯 If You Can't Patch
- Implement strict network segmentation to limit access to vulnerable Quarkus applications
- Deploy a WAF with rules to detect and block malicious cookie manipulation attempts
🔍 How to Verify
Check if Vulnerable:
Check Quarkus version against affected ranges in Red Hat advisories. Review application logs for unusual cookie parsing errors.
Check Version:
Run quarkus --version, or check the Quarkus version declared in pom.xml
Verify Fix Applied:
Confirm Quarkus version matches patched version from Red Hat advisory. Test with crafted cookie values to ensure proper parsing.
📡 Detection & Monitoring
Log Indicators:
- Unusual cookie parsing errors
- HTTP requests with malformed cookie headers
- Unexpected cookie values in application logs
Network Indicators:
- HTTP requests containing cookies with unusual delimiter characters
- Multiple cookie manipulation attempts from single sources
SIEM Query:
source="quarkus" AND ("cookie parsing" OR "malformed cookie" OR "invalid cookie")