{"api_version":"1","generated_at":"2026-04-22T21:38:51+00:00","cve":"CVE-2024-3884","urls":{"html":"https://cve.report/CVE-2024-3884","api":"https://cve.report/api/cve/CVE-2024-3884.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2024-3884","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2024-3884"},"summary":{"title":"Undertow: outofmemory when parsing form data encoding with application/x-www-form-urlencoded","description":"A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoded as application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.","state":"PUBLISHED","assigner":"redhat","published_at":"2025-12-03 19:15:54","updated_at":"2026-03-30 12:16:18"},"problem_types":["CWE-20","CWE-20 Improper Input Validation"],"metrics":[{"version":"3.1","source":"secalert@redhat.com","type":"Secondary","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}}],"references":[{"url":"ht
tps://access.redhat.com/errata/RHSA-2026:6011","name":"https://access.redhat.com/errata/RHSA-2026:6011","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2275287","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2275287","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2024-3884","name":"https://access.redhat.com/security/cve/CVE-2024-3884","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:3889","name":"https://access.redhat.com/errata/RHSA-2026:3889","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:4924","name":"https://access.redhat.com/errata/RHSA-2026:4924","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:0386","name":"https://access.redhat.com/errata/RHSA-2026:0386","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:6012","name":"https://access.redhat.com/errata/RHSA-2026:6012","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:4916","name":"https://access.redhat.com/errata/RHSA-2026:4916","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:3891","name":"https://access.redhat.com/errata/RHSA-2026:3891","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-20
26:3892","name":"https://access.redhat.com/errata/RHSA-2026:3892","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:0383","name":"https://access.redhat.com/errata/RHSA-2026:0383","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:4915","name":"https://access.redhat.com/errata/RHSA-2026:4915","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:0384","name":"https://access.redhat.com/errata/RHSA-2026:0384","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:4917","name":"https://access.redhat.com/errata/RHSA-2026:4917","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2024-3884","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3884","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7","version":"unaffected 0:1.4.18-19.SP17_redhat_00001.1.ep7.el7 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7","version":"unaffected 0:7.1.14-4.GA_redhat_00003.1.ep7.el7 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7","version":"unaffected 0:2.0.41-7.SP8_redhat_00001.1.el7eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.3 EUS 
for RHEL 7","version":"unaffected 0:7.3.17-5.GA_redhat_00006.1.el7eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7","version":"unaffected 0:2.2.39-1.Final_redhat_00001.1.el7eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7","version":"unaffected 0:7.4.24-4.GA_redhat_00002.1.el7eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8","version":"unaffected 0:2.2.39-1.Final_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8","version":"unaffected 0:7.4.24-4.GA_redhat_00002.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9","version":"unaffected 0:2.2.39-1.Final_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9","version":"unaffected 0:7.4.24-4.GA_redhat_00002.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","version":"unaffected 0:1.83.0-1.redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","version":"unaffected 0:33.0.0-2.jre_redhat_00003.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 
8","version":"unaffected 0:4.0.6-1.redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","version":"unaffected 0:1.0.0-3.redhat_00009.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","version":"unaffected 0:2.0.2-1.Final_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","version":"unaffected 0:2.3.23-1.SP3_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","version":"unaffected 0:1.83.0-1.redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","version":"unaffected 0:33.0.0-2.jre_redhat_00003.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","version":"unaffected 0:4.0.6-1.redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","version":"unaffected 0:1.0.0-3.redhat_00009.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","version":"unaffected 0:2.0.2-1.Final_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","version":"unaffected 0:2.3.23-1.SP3_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for 
RHEL 8","version":"unaffected 0:4.0.10-1.redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","version":"unaffected 0:1.82.0-1.redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","version":"unaffected 0:801.3.0-1.GA_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","version":"unaffected 0:1.0.1-3.redhat_00003.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","version":"unaffected 0:6.6.36-1.Final_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","version":"unaffected 0:4.0.2-1.Final_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","version":"unaffected 0:2.5.0-1.redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","version":"unaffected 0:2.3.20-2.SP4_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","version":"unaffected 0:8.1.3-4.GA_redhat_00006.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","version":"unaffected 0:5.0.12-1.Final_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","version":"unaffected 0:2.6.6-1.Final_redhat_00001.1.el8eap * 
rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","version":"unaffected 0:8.1.1-4.GA_redhat_00007.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","version":"unaffected 0:4.0.10-1.redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","version":"unaffected 0:1.82.0-1.redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","version":"unaffected 0:801.3.0-1.GA_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","version":"unaffected 0:1.0.1-3.redhat_00003.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","version":"unaffected 0:6.6.36-1.Final_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","version":"unaffected 0:4.0.2-1.Final_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","version":"unaffected 0:2.5.0-1.redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","version":"unaffected 0:2.3.20-2.SP4_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","version":"unaffected 0:8.1.3-4.GA_redhat_00006.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 
for RHEL 9","version":"unaffected 0:5.0.12-1.Final_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","version":"unaffected 0:2.6.6-1.Final_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","version":"unaffected 0:8.1.1-4.GA_redhat_00007.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"OpenShift Serverless","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat build of Apache Camel 4 for Quarkus 3","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat build of Apache Camel for Spring Boot 3","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat build of Apache Camel for Spring Boot 4","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat build of Apache Camel - HawtIO 4","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat build of Apicurio Registry 2","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Build of Keycloak","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat build of OptaPlanner 8","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat build of Quarkus","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat build of Quarkus","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Data Grid 8","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Fuse 7","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Integration Camel K 1","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Integration Camel Quarkus 
2","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Data Grid 7","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Fuse Service Works 6","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Process Automation 7","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Single Sign-On 7","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"streams for Apache Kafka","version":"","platforms":[]}],"timeline":[{"source":"CNA","time":"2024-04-16T00:00:00.000Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2025-12-03T16:50:50.000Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[{"source":"CNA","title":"","value":"It is possible to mitigate the vulnerability by performing a verification at a higher layer, before the request body is parsed, to ensure that the size of the content sent to the server is within the allowed limits.","time":"","lang":"en"}],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2024","cve_id":"3884","cve":"CVE-2024-3884","epss":"0.003820000","percentile":"0.595920000","score_date":"2026-04-21","updated_at":"2026-04-22 00:07:43"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2024-3884","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2025-12-03T20:50:16.644717Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-12-03T20:55:19.911Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP 
Vulnrichment"}],"cna":{"affected":[{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"],"defaultStatus":"affected","packageName":"eap7-undertow","product":"Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.4.18-19.SP17_redhat_00001.1.ep7.el7","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"],"defaultStatus":"affected","packageName":"eap7-wildfly","product":"Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:7.1.14-4.GA_redhat_00003.1.ep7.el7","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"],"defaultStatus":"affected","packageName":"eap7-undertow","product":"Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.0.41-7.SP8_redhat_00001.1.el7eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"],"defaultStatus":"affected","packageName":"eap7-wildfly","product":"Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:7.3.17-5.GA_redhat_00006.1.el7eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4"],"defaultStatus":"unaffected","packageName":"undertow","product":"Red Hat JBoss Enterprise 
Application Platform 7.4","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"],"defaultStatus":"affected","packageName":"eap7-undertow","product":"Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.2.39-1.Final_redhat_00001.1.el7eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"],"defaultStatus":"affected","packageName":"eap7-wildfly","product":"Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:7.4.24-4.GA_redhat_00002.1.el7eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"],"defaultStatus":"affected","packageName":"eap7-undertow","product":"Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.2.39-1.Final_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"],"defaultStatus":"affected","packageName":"eap7-wildfly","product":"Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:7.4.24-4.GA_redhat_00002.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"],"defaultStatus":"affected","packageName":"eap7-undertow","product":"Red Hat 
JBoss Enterprise Application Platform 7.4 ELS on RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.2.39-1.Final_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"],"defaultStatus":"affected","packageName":"eap7-wildfly","product":"Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:7.4.24-4.GA_redhat_00002.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"unaffected","packageName":"undertow","product":"Red Hat JBoss Enterprise Application Platform 8.0","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"affected","packageName":"eap8-bouncycastle","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.83.0-1.redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"affected","packageName":"eap8-guava-libraries","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:33.0.0-2.jre_redhat_00003.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"affected","packageName":"eap8-jaxb","product":"Red Hat JBoss 
Enterprise Application Platform 8.0 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:4.0.6-1.redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"affected","packageName":"eap8-jcip-annotations","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.0.0-3.redhat_00009.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"affected","packageName":"eap8-slf4j-jboss-logmanager","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.0.2-1.Final_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"affected","packageName":"eap8-undertow","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.3.23-1.SP3_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"defaultStatus":"affected","packageName":"eap8-bouncycastle","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","vendor":"Red 
Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.83.0-1.redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"defaultStatus":"affected","packageName":"eap8-guava-libraries","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:33.0.0-2.jre_redhat_00003.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"defaultStatus":"affected","packageName":"eap8-jaxb","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:4.0.6-1.redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"defaultStatus":"affected","packageName":"eap8-jcip-annotations","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.0.0-3.redhat_00009.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"defaultStatus":"affected","packageName":"eap8-slf4j-jboss-logmanager","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","vendor":"Red 
Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.0.2-1.Final_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"defaultStatus":"affected","packageName":"eap8-undertow","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.3.23-1.SP3_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"unaffected","packageName":"undertow","product":"Red Hat JBoss Enterprise Application Platform 8.1","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"defaultStatus":"affected","packageName":"eap8-apache-cxf","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:4.0.10-1.redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"defaultStatus":"affected","packageName":"eap8-bouncycastle","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.82.0-1.redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"defaultStatus":"affected","packageName":"eap8-eap-product-conf-parent","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","vendor":"Red 
Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:801.3.0-1.GA_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"defaultStatus":"affected","packageName":"eap8-eventstream","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.0.1-3.redhat_00003.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"defaultStatus":"affected","packageName":"eap8-hibernate","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:6.6.36-1.Final_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"defaultStatus":"affected","packageName":"eap8-jboss-el-api_5.0_spec","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:4.0.2-1.Final_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"defaultStatus":"affected","packageName":"eap8-jboss-threads","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","vendor":"Red 
Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.5.0-1.redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"defaultStatus":"affected","packageName":"eap8-undertow","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.3.20-2.SP4_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"defaultStatus":"affected","packageName":"eap8-wildfly","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:8.1.3-4.GA_redhat_00006.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"defaultStatus":"affected","packageName":"eap8-wildfly-clustering","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:5.0.12-1.Final_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"defaultStatus":"affected","packageName":"eap8-wildfly-elytron","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","vendor":"Red 
Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.6.6-1.Final_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"defaultStatus":"affected","packageName":"eap8-wildfly-javadocs","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:8.1.1-4.GA_redhat_00007.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"defaultStatus":"affected","packageName":"eap8-apache-cxf","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:4.0.10-1.redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"defaultStatus":"affected","packageName":"eap8-bouncycastle","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.82.0-1.redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"defaultStatus":"affected","packageName":"eap8-eap-product-conf-parent","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","vendor":"Red 
Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:801.3.0-1.GA_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"defaultStatus":"affected","packageName":"eap8-eventstream","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.0.1-3.redhat_00003.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"defaultStatus":"affected","packageName":"eap8-hibernate","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:6.6.36-1.Final_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"defaultStatus":"affected","packageName":"eap8-jboss-el-api_5.0_spec","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:4.0.2-1.Final_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"defaultStatus":"affected","packageName":"eap8-jboss-threads","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","vendor":"Red 
Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.5.0-1.redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"defaultStatus":"affected","packageName":"eap8-undertow","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.3.20-2.SP4_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"defaultStatus":"affected","packageName":"eap8-wildfly","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:8.1.3-4.GA_redhat_00006.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"defaultStatus":"affected","packageName":"eap8-wildfly-clustering","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:5.0.12-1.Final_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"defaultStatus":"affected","packageName":"eap8-wildfly-elytron","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","vendor":"Red 
Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.6.6-1.Final_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"defaultStatus":"affected","packageName":"eap8-wildfly-javadocs","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:8.1.1-4.GA_redhat_00007.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:serverless:1"],"defaultStatus":"unknown","packageName":"undertow","product":"OpenShift Serverless","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:camel_quarkus:3"],"defaultStatus":"unknown","packageName":"undertow","product":"Red Hat build of Apache Camel 4 for Quarkus 3","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:camel_spring_boot:3"],"defaultStatus":"unknown","packageName":"undertow","product":"Red Hat build of Apache Camel for Spring Boot 3","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:camel_spring_boot:4"],"defaultStatus":"unknown","packageName":"undertow","product":"Red Hat build of Apache Camel for Spring Boot 4","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:apache_camel_hawtio:4"],"defaultStatus":"unknown","packageName":"undertow","product":"Red Hat build of Apache Camel - HawtIO 4","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:service_registry:2"],"defaultStatus":"unknown","packageName":"undertow","product":"Red Hat build of 
Apicurio Registry 2","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:build_keycloak:"],"defaultStatus":"unknown","packageName":"undertow","product":"Red Hat Build of Keycloak","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:optaplanner:::el6"],"defaultStatus":"unknown","packageName":"undertow","product":"Red Hat build of OptaPlanner 8","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:quarkus:2"],"defaultStatus":"unknown","packageName":"io.quarkus/quarkus-undertow","product":"Red Hat build of Quarkus","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:quarkus:3"],"defaultStatus":"unknown","packageName":"io.quarkus/quarkus-undertow","product":"Red Hat build of Quarkus","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_data_grid:8"],"defaultStatus":"unknown","packageName":"undertow","product":"Red Hat Data Grid 8","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_fuse:7"],"defaultStatus":"unknown","packageName":"undertow","product":"Red Hat Fuse 7","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:integration:1"],"defaultStatus":"unknown","packageName":"undertow","product":"Red Hat Integration Camel K 1","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:camel_quarkus:2"],"defaultStatus":"unknown","packageName":"undertow","product":"Red Hat Integration Camel Quarkus 2","vendor":"Red 
Hat"},{"collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","cpes":["cpe:/a:redhat:jboss_data_grid:7"],"defaultStatus":"unknown","packageName":"undertow","product":"Red Hat JBoss Data Grid 7","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","cpes":["cpe:/a:redhat:jbosseapxp"],"defaultStatus":"unaffected","packageName":"undertow","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","cpes":["cpe:/a:redhat:jboss_fuse_service_works:6"],"defaultStatus":"unknown","packageName":"undertow","product":"Red Hat JBoss Fuse Service Works 6","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"],"defaultStatus":"unknown","packageName":"undertow","product":"Red Hat Process Automation 7","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7"],"defaultStatus":"unknown","packageName":"undertow","product":"Red Hat Single Sign-On 7","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:amq_streams:1"],"defaultStatus":"unknown","packageName":"undertow","product":"streams for Apache Kafka","vendor":"Red Hat"}],"datePublic":"2025-12-03T16:50:50.000Z","descriptions":[{"lang":"en","value":"A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. 
This flaw allows unauthorized users to cause a remote denial of service (DoS) attack."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Moderate"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-20","description":"Improper Input Validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-01T13:32:57.051Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"RHSA-2026:0383","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:0383"},{"name":"RHSA-2026:0384","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:0384"},{"name":"RHSA-2026:0386","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:0386"},{"name":"RHSA-2026:3889","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:3889"},{"name":"RHSA-2026:3891","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:3891"},{"name":"RHSA-2026:3892","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:3892"},{"name":"RHSA-2026:4915","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:4915"},{"name":"RHSA-2026:4916","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:4916"},{"name":"RHSA-2026:4917","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://ac
cess.redhat.com/errata/RHSA-2026:4917"},{"name":"RHSA-2026:4924","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:4924"},{"name":"RHSA-2026:6011","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:6011"},{"name":"RHSA-2026:6012","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:6012"},{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2024-3884"},{"name":"RHBZ#2275287","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2275287"}],"timeline":[{"lang":"en","time":"2024-04-16T00:00:00.000Z","value":"Reported to Red Hat."},{"lang":"en","time":"2025-12-03T16:50:50.000Z","value":"Made public."}],"title":"Undertow: outofmemory when parsing form data encoding with application/x-www-form-urlencoded","workarounds":[{"lang":"en","value":"It is possible to mitigate the vulnerability by performing an upper-level verification to ensure the content size sent server side is within the allowed parameters."}],"x_generator":{"engine":"cvelib 1.8.0"},"x_redhatCweChain":"CWE-20: Improper Input Validation"}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2024-3884","datePublished":"2025-12-03T18:40:25.606Z","dateReserved":"2024-04-16T13:30:53.755Z","dateUpdated":"2026-04-01T13:32:57.051Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-12-03 19:15:54","lastModifiedDate":"2026-03-30 12:16:18","problem_types":["CWE-20","CWE-20 Improper Input 
Validation"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2024","CveId":"3884","Ordinal":"1","Title":"Undertow: outofmemory when parsing form data encoding with appli","CVE":"CVE-2024-3884","Year":"2024"},"notes":[{"CveYear":"2024","CveId":"3884","Ordinal":"1","NoteData":"A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.","Type":"Description","Title":"Undertow: outofmemory when parsing form data encoding with appli"}]}}}