CVE-2025-9784

Опубликовано: 02 сент. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).

Ссылки

https://access.redhat.com/security/cve/CVE-2025-9784
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2392306
Issue Tracking

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redhat:build_of_apache_camel_for_spring_boot:-:*:*:*:*:*:*:*

cpe:2.3:a:redhat:fuse:7.0.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:jboss_enterprise_application_platform:8.0.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:*:*:*:*:*:*:*

cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:undertow:-:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*

cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.00249

Низкий

7.5 High

CVSS3

Дефекты

CWE-404

Связанные уязвимости

CVE-2025-9784

CVSS3: 7.5

ubuntu

15 дней назад

CVE-2025-9784

CVSS3: 7.5

redhat

16 дней назад

CVE-2025-9784

CVSS3: 7.5

debian

15 дней назад

A flaw was found in Undertow where malformed client requests can trigg ...

GHSA-95h4-w6j8-2rp8

CVSS3: 7.5

github

15 дней назад

Undertow MadeYouReset HTTP/2 DDoS Vulnerability

EPSS

Процентиль: 48%

0.00249

Низкий

7.5 High

CVSS3

Дефекты

CWE-404