cbcvebase.
CVE-2024-45687
published 2025-01-21

CVE-2024-45687: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in Payara Platform Payara Server (Grizzly, REST…

PriorityP412low2.4CVSS 4.0
AVLACLATNPRLUIAVCLVINVANSCLSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSNAUXRXVXREXUX
EPSS
0.22%
13.1th percentile
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in Payara Platform Payara Server (Grizzly, REST Management Interface modules), Payara Platform Payara Micro (Grizzly modules) allows Manipulating State, Identity Spoofing.This issue affects Payara Server: from 4.1.151 through 4.1.2.191.51, from 5.20.0 through 5.70.0, from 5.2020.2 through 5.2022.5, from 6.2022.1 through 6.2024.12, from 6.0.0 through 6.21.0; Payara Micro: from 4.1.152 through 4.1.2.191.51, from 5.20.0 through 5.70.0, from 5.2020.2 through 5.2022.5, from 6.2022.1 through 6.2024.12, from 6.0.0 through 6.21.0.

Affected

10 ranges
VendorProductVersion rangeFixed in
payara_platformpayara_micro4.1.152 – 4.1.2.191.51
payara_platformpayara_micro5.20.0 – 5.70.0
payara_platformpayara_micro5.2020.2 – 5.2022.5
payara_platformpayara_micro6.0.0 – 6.21.0
payara_platformpayara_micro6.2022.1 – 6.2024.12
payara_platformpayara_server4.1.151 – 4.1.2.191.51
payara_platformpayara_server5.20.0 – 5.70.0
payara_platformpayara_server5.2020.2 – 5.2022.5
payara_platformpayara_server6.0.0 – 6.21.0
payara_platformpayara_server6.2022.1 – 6.2024.12
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.