7.5

CVE-2025-9784

Undertow: undertow madeyoureset http/2 ddos vulnerability

A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.17% 0.799
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

https://kb.cert.org/vuls/id/767506
https://access.redhat.com/security/cve/CVE-2025-9784
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2392306
Issue Tracking
https://github.com/undertow-io/undertow/pull/1778
https://issues.redhat.com/browse/UNDERTOW-2598
https://www.kb.cert.org/vuls/id/767506
https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final
https://access.redhat.com/errata/RHSA-2025:23143
https://access.redhat.com/errata/RHSA-2026:0384
https://access.redhat.com/errata/RHSA-2026:0386
https://access.redhat.com/errata/RHSA-2026:0383
https://access.redhat.com/errata/RHSA-2026:3889
https://access.redhat.com/errata/RHSA-2026:3891
https://access.redhat.com/errata/RHSA-2026:3892
https://access.redhat.com/errata/RHSA-2026:4915
https://access.redhat.com/errata/RHSA-2026:4916
https://access.redhat.com/errata/RHSA-2026:4917
https://access.redhat.com/errata/RHSA-2026:4924
https://access.redhat.com/errata/RHSA-2026:33371
https://access.redhat.com/errata/RHSA-2026:33372