{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T18:51:57.781","vulnerabilities":[{"cve":{"id":"CVE-2024-45687","sourceIdentifier":"769c9ae7-73c3-4e47-ae19-903170fc3eb8","published":"2025-01-21T17:15:14.073","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in Payara Platform Payara Server (Grizzly, REST Management Interface modules), Payara Platform Payara Micro (Grizzly modules) allows Manipulating State, Identity Spoofing.This issue affects Payara Server: from 4.1.151 through 4.1.2.191.51, from 5.20.0 through 5.70.0, from 5.2020.2 through 5.2022.5, from 6.2022.1 through 6.2024.12, from 6.0.0 through 6.21.0; Payara Micro: from 4.1.152 through 4.1.2.191.51, from 5.20.0 through 5.70.0, from 5.2020.2 through 5.2022.5, from 6.2022.1 through 6.2024.12, from 6.0.0 through 6.21.0."},{"lang":"es","value":"Vulnerabilidad de neutralización incorrecta de secuencias CRLF en encabezados HTTP ('División de solicitud/respuesta HTTP') en Payara Platform Payara Server (Grizzly, módulos de interfaz de administración REST), Payara Platform Payara Micro (módulos Grizzly) permite manipular el estado y suplantar la identidad. Este problema afecta a Payara Server: desde la versión 4.1.151 hasta la 4.1.2.191.51, desde la versión 5.20.0 hasta la 5.70.0, desde la versión 5.2020.2 hasta la 5.2022.5, desde la versión 6.2022.1 hasta la 6.2024.12, desde la versión 6.0.0 hasta la 6.21.0; Payara Micro: de 4.1.152 a 4.1.2.191.51, de 5.20.0 a 5.70.0, de 5.2020.2 a 5.2022.5, de 6.2022.1 a 6.2024.12, de 6.0.0 a 6.21.0."}],"metrics":{"cvssMetricV40":[{"source":"769c9ae7-73c3-4e47-ae19-903170fc3eb8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.4,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NEGLIGIBLE","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"769c9ae7-73c3-4e47-ae19-903170fc3eb8","type":"Secondary","description":[{"lang":"en","value":"CWE-113"}]}],"references":[{"url":"https://docs.payara.fish/community/docs/6.2025.1/Release%20Notes/Release%20Notes%206.2025.1.html","source":"769c9ae7-73c3-4e47-ae19-903170fc3eb8"},{"url":"https://docs.payara.fish/enterprise/docs/5.71.0/Release%20Notes/Release%20Notes%205.71.0.html","source":"769c9ae7-73c3-4e47-ae19-903170fc3eb8"},{"url":"https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.22.0.html","source":"769c9ae7-73c3-4e47-ae19-903170fc3eb8"}]}}]}