A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).
Metrics
Affected Vendors & Products
References
History
Tue, 02 Sep 2025 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-400 |
Tue, 02 Sep 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-404 |
Tue, 02 Sep 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-400 | |
Metrics |
ssvc
|
Tue, 02 Sep 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS). |
Title | undertow: Undertow MadeYouReset HTTP/2 DDoS Vulnerability | Undertow: undertow madeyoureset http/2 ddos vulnerability |
First Time appeared |
Redhat
Redhat apache Camel Hawtio Redhat camel Spring Boot Redhat enterprise Linux Redhat jboss Data Grid Redhat jboss Enterprise Application Platform Redhat jboss Enterprise Bpms Platform Redhat jboss Fuse Redhat jbosseapxp Redhat red Hat Single Sign On |
|
CPEs | cpe:/a:redhat:apache_camel_hawtio:4 cpe:/a:redhat:camel_spring_boot:4 cpe:/a:redhat:jboss_data_grid:8 cpe:/a:redhat:jboss_enterprise_application_platform:7 cpe:/a:redhat:jboss_enterprise_application_platform:8 cpe:/a:redhat:jboss_enterprise_bpms_platform:7 cpe:/a:redhat:jboss_fuse:7 cpe:/a:redhat:jbosseapxp cpe:/a:redhat:red_hat_single_sign_on:7 cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 |
|
Vendors & Products |
Redhat
Redhat apache Camel Hawtio Redhat camel Spring Boot Redhat enterprise Linux Redhat jboss Data Grid Redhat jboss Enterprise Application Platform Redhat jboss Enterprise Bpms Platform Redhat jboss Fuse Redhat jbosseapxp Redhat red Hat Single Sign On |
|
References |
|
Mon, 01 Sep 2025 12:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | |
Title | undertow: Undertow MadeYouReset HTTP/2 DDoS Vulnerability | |
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|

Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2025-09-02T14:40:05.123Z
Reserved: 2025-09-01T06:33:05.239Z
Link: CVE-2025-9784

Updated: 2025-09-02T13:59:07.537Z

Status : Awaiting Analysis
Published: 2025-09-02T14:15:36.593
Modified: 2025-09-02T15:55:25.420
Link: CVE-2025-9784


No data.