ГлавнаяУязвимости → CVE-2025-9784
7.5высокая

CVE-2025-9784

Описание

A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).

Затрагиваемое ПО
Redhat Build of apache camel for spring bootRedhat FuseRedhat Jboss enterprise application platformRedhat Jboss enterprise application platform expansion packRedhat Process automationRedhat Single sign-onRedhat UndertowRedhat Enterprise linux
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Источники
https://access.redhat.com/errata/RHSA-2025:23143https://access.redhat.com/errata/RHSA-2026:0383https://access.redhat.com/errata/RHSA-2026:0384https://access.redhat.com/errata/RHSA-2026:0386https://access.redhat.com/errata/RHSA-2026:33371https://access.redhat.com/errata/RHSA-2026:33372https://access.redhat.com/errata/RHSA-2026:3889https://access.redhat.com/errata/RHSA-2026:3891