← volver
CVE-2025-9784

Undertow: undertow madeyoureset http/2 ddos vulnerability

CVSS 7.5 HIGHEPSS 2.2%CWE-404CWE-770
A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Productos afectados
undertowRed Hat · Red Hat build of Apache Camel 4.14.2 for Spring Boot 3.5.8Red Hat · Red Hat build of Apache Camel - HawtIO 4Red Hat · Red Hat Data Grid 8Red Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Fuse 7Red Hat · Red Hat JBoss Enterprise Application PlatformRed Hat · Red Hat JBoss Enterprise Application Platform 7Red Hat · Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7Red Hat · Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8Red Hat · Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9Red Hat · Red Hat JBoss Enterprise Application Platform 8Red Hat · Red Hat JBoss Enterprise Application Platform 8.0Red Hat · Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8Red Hat · Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9Red Hat · Red Hat JBoss Enterprise Application Platform 8.1Red Hat · Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8Red Hat · Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9Red Hat · Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat · Red Hat Process Automation 7Red Hat · Red Hat Single Sign-On 7

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://access.redhat.com/errata/RHSA-2025:23143https://access.redhat.com/errata/RHSA-2026:0383https://access.redhat.com/errata/RHSA-2026:0384https://access.redhat.com/errata/RHSA-2026:0386https://access.redhat.com/errata/RHSA-2026:3889https://access.redhat.com/errata/RHSA-2026:3891https://access.redhat.com/errata/RHSA-2026:3892https://access.redhat.com/errata/RHSA-2026:4915https://access.redhat.com/errata/RHSA-2026:4916https://access.redhat.com/errata/RHSA-2026:4917https://access.redhat.com/errata/RHSA-2026:4924https://access.redhat.com/security/cve/CVE-2025-9784