{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2025-9784", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2025-09-01T06:33:05.239Z", "datePublished": "2025-09-02T13:37:59.772Z", "dateUpdated": "2026-06-30T02:46:43.628Z" }, "containers": { "cna": { "title": "Undertow: undertow madeyoureset http/2 ddos vulnerability", "metrics": [ { "other": { "content": { "value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS)." } ], "affected": [ { "versions": [ { "status": "affected", "version": "0", "lessThan": "2.2.38.Final", "versionType": "semver" } ], "packageName": "undertow", "collectionURL": "https://github.com/undertow-io/undertow/", "defaultStatus": "unaffected" }, { "vendor": "Red Hat", "product": "Red Hat build of Apache Camel 4.14.2 for Spring Boot 3.5.8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "packageName": "undertow-core", "cpes": [ "cpe:/a:redhat:apache_camel_spring_boot:4.14" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "io.undertow/undertow-core", "defaultStatus": "affected", "versions": [ { "version": "2.2.39.Final-redhat-00001", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-undertow", "defaultStatus": "affected", "versions": [ { "version": "0:1.4.18-21.SP19_redhat_00001.1.ep7.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-undertow", "defaultStatus": "affected", "versions": [ { "version": "0:2.0.41-8.SP9_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-undertow", "defaultStatus": "affected", "versions": [ { "version": "0:2.2.39-1.Final_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-wildfly", "defaultStatus": "affected", "versions": [ { "version": "0:7.4.24-4.GA_redhat_00002.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-undertow", "defaultStatus": "affected", "versions": [ { "version": "0:2.2.39-1.Final_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-wildfly", "defaultStatus": "affected", "versions": [ { "version": "0:7.4.24-4.GA_redhat_00002.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-undertow", "defaultStatus": "affected", "versions": [ { "version": "0:2.2.39-1.Final_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-wildfly", "defaultStatus": "affected", "versions": [ { "version": "0:7.4.24-4.GA_redhat_00002.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.0", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "packageName": "undertow-core", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-bouncycastle", "defaultStatus": "affected", "versions": [ { "version": "0:1.83.0-1.redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-guava-libraries", "defaultStatus": "affected", "versions": [ { "version": "0:33.0.0-2.jre_redhat_00003.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-jaxb", "defaultStatus": "affected", "versions": [ { "version": "0:4.0.6-1.redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-jcip-annotations", "defaultStatus": "affected", "versions": [ { "version": "0:1.0.0-3.redhat_00009.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-slf4j-jboss-logmanager", "defaultStatus": "affected", "versions": [ { "version": "0:2.0.2-1.Final_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-undertow", "defaultStatus": "affected", "versions": [ { "version": "0:2.3.23-1.SP3_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-bouncycastle", "defaultStatus": "affected", "versions": [ { "version": "0:1.83.0-1.redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-guava-libraries", "defaultStatus": "affected", "versions": [ { "version": "0:33.0.0-2.jre_redhat_00003.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-jaxb", "defaultStatus": "affected", "versions": [ { "version": "0:4.0.6-1.redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-jcip-annotations", "defaultStatus": "affected", "versions": [ { "version": "0:1.0.0-3.redhat_00009.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-slf4j-jboss-logmanager", "defaultStatus": "affected", "versions": [ { "version": "0:2.0.2-1.Final_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-undertow", "defaultStatus": "affected", "versions": [ { "version": "0:2.3.23-1.SP3_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.1", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "packageName": "undertow-core", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-apache-cxf", "defaultStatus": "affected", "versions": [ { "version": "0:4.0.10-1.redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-bouncycastle", "defaultStatus": "affected", "versions": [ { "version": "0:1.82.0-1.redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-eap-product-conf-parent", "defaultStatus": "affected", "versions": [ { "version": "0:801.3.0-1.GA_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-eventstream", "defaultStatus": "affected", "versions": [ { "version": "0:1.0.1-3.redhat_00003.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-hibernate", "defaultStatus": "affected", "versions": [ { "version": "0:6.6.36-1.Final_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-jboss-el-api_5.0_spec", "defaultStatus": "affected", "versions": [ { "version": "0:4.0.2-1.Final_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-jboss-threads", "defaultStatus": "affected", "versions": [ { "version": "0:2.5.0-1.redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-undertow", "defaultStatus": "affected", "versions": [ { "version": "0:2.3.20-2.SP4_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-wildfly", "defaultStatus": "affected", "versions": [ { "version": "0:8.1.3-4.GA_redhat_00006.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-wildfly-clustering", "defaultStatus": "affected", "versions": [ { "version": "0:5.0.12-1.Final_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-wildfly-elytron", "defaultStatus": "affected", "versions": [ { "version": "0:2.6.6-1.Final_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-wildfly-javadocs", "defaultStatus": "affected", "versions": [ { "version": "0:8.1.1-4.GA_redhat_00007.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-apache-cxf", "defaultStatus": "affected", "versions": [ { "version": "0:4.0.10-1.redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-bouncycastle", "defaultStatus": "affected", "versions": [ { "version": "0:1.82.0-1.redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-eap-product-conf-parent", "defaultStatus": "affected", "versions": [ { "version": "0:801.3.0-1.GA_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-eventstream", "defaultStatus": "affected", "versions": [ { "version": "0:1.0.1-3.redhat_00003.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-hibernate", "defaultStatus": "affected", "versions": [ { "version": "0:6.6.36-1.Final_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-jboss-el-api_5.0_spec", "defaultStatus": "affected", "versions": [ { "version": "0:4.0.2-1.Final_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-jboss-threads", "defaultStatus": "affected", "versions": [ { "version": "0:2.5.0-1.redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-undertow", "defaultStatus": "affected", "versions": [ { "version": "0:2.3.20-2.SP4_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-wildfly", "defaultStatus": "affected", "versions": [ { "version": "0:8.1.3-4.GA_redhat_00006.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-wildfly-clustering", "defaultStatus": "affected", "versions": [ { "version": "0:5.0.12-1.Final_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-wildfly-elytron", "defaultStatus": "affected", "versions": [ { "version": "0:2.6.6-1.Final_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap8-wildfly-javadocs", "defaultStatus": "affected", "versions": [ { "version": "0:8.1.1-4.GA_redhat_00007.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9" ] }, { "vendor": "Red Hat", "product": "Red Hat build of Apache Camel - HawtIO 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "undertow-core", "defaultStatus": "unaffected", "cpes": [ "cpe:/a:redhat:apache_camel_hawtio:4" ] }, { "vendor": "Red Hat", "product": "Red Hat Data Grid 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "undertow-core", "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:jboss_data_grid:8" ] }, { "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "moditect", "defaultStatus": "unaffected", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ] }, { "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pki-core:10.6/resteasy", "defaultStatus": "unaffected", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ] }, { "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pki-deps:10.6/resteasy", "defaultStatus": "unaffected", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ] }, { "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "resteasy", "defaultStatus": "unaffected", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ] }, { "vendor": "Red Hat", "product": "Red Hat Fuse 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "undertow-core", "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:jboss_fuse:7" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "packageName": "undertow-core", "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "packageName": "org.jberet-jberet-parent", "defaultStatus": "unaffected", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "packageName": "org.jboss.eap-jboss-eap-xp", "defaultStatus": "unaffected", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "packageName": "org.jboss.eap-jboss-eap-xp", "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:jbosseapxp" ] }, { "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "packageName": "undertow-core", "defaultStatus": "unaffected", "cpes": [ "cpe:/a:redhat:jbosseapxp" ] }, { "vendor": "Red Hat", "product": "Red Hat Process Automation 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "undertow-core", "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" ] }, { "vendor": "Red Hat", "product": "Red Hat Single Sign-On 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "undertow-core", "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7" ] } ], "references": [ { "url": "https://access.redhat.com/errata/RHSA-2025:23143", "name": "RHSA-2025:23143", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2026:0383", "name": "RHSA-2026:0383", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2026:0384", "name": "RHSA-2026:0384", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2026:0386", "name": "RHSA-2026:0386", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2026:33371", "name": "RHSA-2026:33371", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2026:33372", "name": "RHSA-2026:33372", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2026:3889", "name": "RHSA-2026:3889", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2026:3891", "name": "RHSA-2026:3891", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2026:3892", "name": "RHSA-2026:3892", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2026:4915", "name": "RHSA-2026:4915", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2026:4916", "name": "RHSA-2026:4916", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2026:4917", "name": "RHSA-2026:4917", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/errata/RHSA-2026:4924", "name": "RHSA-2026:4924", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ] }, { "url": "https://access.redhat.com/security/cve/CVE-2025-9784", "tags": [ "vdb-entry", "x_refsource_REDHAT" ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392306", "name": "RHBZ#2392306", "tags": [ "issue-tracking", "x_refsource_REDHAT" ] }, { "url": "https://github.com/undertow-io/undertow/pull/1778" }, { "url": "https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final" }, { "url": "https://issues.redhat.com/browse/UNDERTOW-2598" }, { "url": "https://kb.cert.org/vuls/id/767506" } ], "datePublic": "2025-09-01T06:21:54.614Z", "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "x_redhatCweChain": "CWE-770: Allocation of Resources Without Limits or Throttling", "workarounds": [ { "lang": "en", "value": "No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability." } ], "timeline": [ { "lang": "en", "time": "2025-09-01T06:19:20.938Z", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2025-09-01T06:21:54.614Z", "value": "Made public." } ], "providerMetadata": { "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-06-30T02:46:43.628Z" }, "x_generator": { "engine": "cvelib 1.8.0" } }, "adp": [ { "problemTypes": [ { "descriptions": [ { "type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "CWE-404 Improper Resource Shutdown or Release" } ] } ], "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2025-09-02T13:55:22.694531Z", "id": "CVE-2025-9784", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T15:07:25.667Z" } }, { "title": "CVE Program Container", "references": [ { "url": "https://www.kb.cert.org/vuls/id/767506" } ], "providerMetadata": { "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T20:07:57.869Z" } } ] } }