CVE-2024-7885: 
Java vulnerability analysis and mitigation

A vulnerability (CVE-2024-7885) was discovered in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. The issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. This vulnerability was first disclosed on August 21, 2024, affecting various Red Hat products including JBoss Enterprise Application Platform, Apache Camel, and other systems using Undertow (NVD, Red Hat Advisory).

The vulnerability stems from improper state management in Proxy Protocol parsing where different requests may share the same StringBuilder instance. This implementation flaw occurs specifically in the ProxyProtocolReadListener component when handling multiple requests on a single HTTP connection. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating it can be exploited remotely without requiring privileges or user interaction (NetApp Advisory).

The vulnerability can lead to information leakage between requests or responses, where values from previous requests or responses may be erroneously reused. While the issue primarily results in errors and connection termination, it creates a significant risk of data leakage in multi-request environments. The high severity rating indicates potential for substantial impact on system availability (Red Hat Bugzilla).

Multiple vendors have released security updates to address this vulnerability. Red Hat has issued several security advisories (RHSA) and patches for affected products, including JBoss Enterprise Application Platform 7.4 and 8.0, Apache Camel 3.20.7 and 4.4.2 for Spring Boot, and other affected systems. Users are advised to apply the available security updates (RHSA-2024:7735, RHSA-2024:6508).