7.5
CVE-2026-3260
- EPSS 0.64%
- Veröffentlicht 24.03.2026 04:11:16
- Zuletzt bearbeitet 08.04.2026 19:11:02
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Undertow: undertow: denial of service due to premature multipart/form-data parsing in get requests
A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like `getParameterMap()`, the server prematurely parses and stores this content to disk. This could lead to resource exhaustion, potentially resulting in a Denial of Service (DoS).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Build Of Apache Camel - Hawtio Version4.0
Redhat ≫ Build Of Apache Camel For Spring Boot Version4.0
Redhat ≫ Jboss Enterprise Application Platform Version7.0.0
Redhat ≫ Jboss Enterprise Application Platform Version8.0.0
Redhat ≫ Process Automation Version7.0
Redhat ≫ Single Sign-on Version7.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Redhat ≫ Enterprise Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.64% | 0.707 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| secalert@redhat.com | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.