{"api_version":"1","generated_at":"2026-07-03T05:55:55+00:00","cve":"CVE-2025-9784","urls":{"html":"https://cve.report/CVE-2025-9784","api":"https://cve.report/api/cve/CVE-2025-9784.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-9784","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-9784"},"summary":{"title":"Undertow: Undertow MadeYouReset HTTP/2 DDoS vulnerability","description":"A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).","state":"PUBLISHED","assigner":"redhat","published_at":"2025-09-02 14:15:36","updated_at":"2026-06-30 03:17:01"},"problem_types":["CWE-770","CWE-404","CWE-770 Allocation of Resources Without Limits or Throttling","CWE-404 Improper Resource Shutdown or 
Release"],"metrics":[{"version":"3.1","source":"secalert@redhat.com","type":"Secondary","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:33372","name":"https://access.redhat.com/errata/RHSA-2026:33372","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:3889","name":"https://access.redhat.com/errata/RHSA-2026:3889","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:4924","name":"https://access.redhat.com/errata/RHSA-2026:4924","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:0386","name":"https://access.redhat.com/errata/RHSA-2026:0386","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final","name":"https://github.com/undertow-io/undertow/releases/tag/2.2.38.
Final","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:4916","name":"https://access.redhat.com/errata/RHSA-2026:4916","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.kb.cert.org/vuls/id/767506","name":"https://www.kb.cert.org/vuls/id/767506","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:3891","name":"https://access.redhat.com/errata/RHSA-2026:3891","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://issues.redhat.com/browse/UNDERTOW-2598","name":"https://issues.redhat.com/browse/UNDERTOW-2598","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:3892","name":"https://access.redhat.com/errata/RHSA-2026:3892","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:0383","name":"https://access.redhat.com/errata/RHSA-2026:0383","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:4915","name":"https://access.redhat.com/errata/RHSA-2026:4915","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:33371","name":"https://access.redhat.com/errata/RHSA-2026:33371","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:23143","name":"https://access.redhat.com/errata/RHSA-2025:23143","refsource":"secalert@redhat.com","tags":[],"tit
le":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://kb.cert.org/vuls/id/767506","name":"https://kb.cert.org/vuls/id/767506","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2025-9784","name":"https://access.redhat.com/security/cve/CVE-2025-9784","refsource":"secalert@redhat.com","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/undertow-io/undertow/pull/1778","name":"https://github.com/undertow-io/undertow/pull/1778","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:0384","name":"https://access.redhat.com/errata/RHSA-2026:0384","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2392306","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2392306","refsource":"secalert@redhat.com","tags":["Issue Tracking"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:4917","name":"https://access.redhat.com/errata/RHSA-2026:4917","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-9784","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-9784","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Red Hat","product":"Red Hat build of Apache Camel 4.14.2 for Spring Boot 3.5.8","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform","version":"unaffected 2.2.39.Final-redhat-00001 * rpm","platforms":[]},{"source":"CNA","vendor":"Red 
Hat","product":"Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7","version":"unaffected 0:1.4.18-21.SP19_redhat_00001.1.ep7.el7 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7","version":"unaffected 0:2.0.41-8.SP9_redhat_00001.1.el7eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7","version":"unaffected 0:2.2.39-1.Final_redhat_00001.1.el7eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7","version":"unaffected 0:7.4.24-4.GA_redhat_00002.1.el7eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8","version":"unaffected 0:2.2.39-1.Final_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8","version":"unaffected 0:7.4.24-4.GA_redhat_00002.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9","version":"unaffected 0:2.2.39-1.Final_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9","version":"unaffected 0:7.4.24-4.GA_redhat_00002.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","version":"unaffected 0:1.83.0-1.redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","version":"unaffected 
0:33.0.0-2.jre_redhat_00003.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","version":"unaffected 0:4.0.6-1.redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","version":"unaffected 0:1.0.0-3.redhat_00009.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","version":"unaffected 0:2.0.2-1.Final_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","version":"unaffected 0:2.3.23-1.SP3_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","version":"unaffected 0:1.83.0-1.redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","version":"unaffected 0:33.0.0-2.jre_redhat_00003.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","version":"unaffected 0:4.0.6-1.redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","version":"unaffected 0:1.0.0-3.redhat_00009.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","version":"unaffected 0:2.0.2-1.Final_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","version":"unaffected 0:2.3.23-1.SP3_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss 
Enterprise Application Platform 8.1","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","version":"unaffected 0:4.0.10-1.redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","version":"unaffected 0:1.82.0-1.redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","version":"unaffected 0:801.3.0-1.GA_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","version":"unaffected 0:1.0.1-3.redhat_00003.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","version":"unaffected 0:6.6.36-1.Final_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","version":"unaffected 0:4.0.2-1.Final_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","version":"unaffected 0:2.5.0-1.redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","version":"unaffected 0:2.3.20-2.SP4_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","version":"unaffected 0:8.1.3-4.GA_redhat_00006.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","version":"unaffected 0:5.0.12-1.Final_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red 
Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","version":"unaffected 0:2.6.6-1.Final_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","version":"unaffected 0:8.1.1-4.GA_redhat_00007.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","version":"unaffected 0:4.0.10-1.redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","version":"unaffected 0:1.82.0-1.redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","version":"unaffected 0:801.3.0-1.GA_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","version":"unaffected 0:1.0.1-3.redhat_00003.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","version":"unaffected 0:6.6.36-1.Final_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","version":"unaffected 0:4.0.2-1.Final_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","version":"unaffected 0:2.5.0-1.redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","version":"unaffected 0:2.3.20-2.SP4_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","version":"unaffected 
0:8.1.3-4.GA_redhat_00006.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","version":"unaffected 0:5.0.12-1.Final_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","version":"unaffected 0:2.6.6-1.Final_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","version":"unaffected 0:8.1.1-4.GA_redhat_00007.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat build of Apache Camel - HawtIO 4","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Data Grid 8","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Fuse 7","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion 
Pack","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Process Automation 7","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Single Sign-On 7","version":"","platforms":[]}],"timeline":[{"source":"CNA","time":"2025-09-01T06:19:20.938Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2025-09-01T06:21:54.614Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[{"source":"CNA","title":"","value":"No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.","time":"","lang":"en"}],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2025","cve_id":"9784","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"build_of_apache_camel_for_spring_boot","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"9784","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"9784","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"9784","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"fuse","cpe6":"7.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"9784","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_application_platform","cpe6":"7.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_y
ear":"2025","cve_id":"9784","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_application_platform","cpe6":"8.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"9784","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_application_platform_expansion_pack","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"9784","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"process_automation","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"9784","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"single_sign-on","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"9784","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"undertow","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"9784","cve":"CVE-2025-9784","epss":"0.021700000","percentile":"0.800470000","score_date":"2026-07-01","updated_at":"2026-07-02 00:05:26"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-9784","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2025-09-02T13:55:22.694531Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-404","description":"CWE-404 Improper Resource Shutdown or 
Release","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-03-19T15:07:25.667Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"providerMetadata":{"dateUpdated":"2025-11-03T20:07:57.869Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"url":"https://www.kb.cert.org/vuls/id/767506"}],"title":"CVE Program Container"}],"cna":{"affected":[{"collectionURL":"https://github.com/undertow-io/undertow/","defaultStatus":"unaffected","packageName":"undertow","versions":[{"lessThan":"2.2.38.Final","status":"affected","version":"0","versionType":"semver"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:apache_camel_spring_boot:4.14"],"defaultStatus":"unaffected","packageName":"undertow-core","product":"Red Hat build of Apache Camel 4.14.2 for Spring Boot 3.5.8","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4"],"defaultStatus":"affected","packageName":"io.undertow/undertow-core","product":"Red Hat JBoss Enterprise Application Platform","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"2.2.39.Final-redhat-00001","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"],"defaultStatus":"affected","packageName":"eap7-undertow","product":"Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7","vendor":"Red 
Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.4.18-21.SP19_redhat_00001.1.ep7.el7","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"],"defaultStatus":"affected","packageName":"eap7-undertow","product":"Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.0.41-8.SP9_redhat_00001.1.el7eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"],"defaultStatus":"affected","packageName":"eap7-undertow","product":"Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.2.39-1.Final_redhat_00001.1.el7eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"],"defaultStatus":"affected","packageName":"eap7-wildfly","product":"Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:7.4.24-4.GA_redhat_00002.1.el7eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"],"defaultStatus":"affected","packageName":"eap7-undertow","product":"Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8","vendor":"Red 
Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.2.39-1.Final_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"],"defaultStatus":"affected","packageName":"eap7-wildfly","product":"Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:7.4.24-4.GA_redhat_00002.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"],"defaultStatus":"affected","packageName":"eap7-undertow","product":"Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.2.39-1.Final_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"],"defaultStatus":"affected","packageName":"eap7-wildfly","product":"Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:7.4.24-4.GA_redhat_00002.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"unaffected","packageName":"undertow-core","product":"Red Hat JBoss Enterprise Application Platform 8.0","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"affected","packageName":"eap8-bouncycastle","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 
8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.83.0-1.redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"affected","packageName":"eap8-guava-libraries","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:33.0.0-2.jre_redhat_00003.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"affected","packageName":"eap8-jaxb","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:4.0.6-1.redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"affected","packageName":"eap8-jcip-annotations","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.0.0-3.redhat_00009.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"affected","packageName":"eap8-slf4j-jboss-logmanager","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","vendor":"Red 
Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.0.2-1.Final_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"affected","packageName":"eap8-undertow","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.3.23-1.SP3_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"defaultStatus":"affected","packageName":"eap8-bouncycastle","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.83.0-1.redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"defaultStatus":"affected","packageName":"eap8-guava-libraries","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:33.0.0-2.jre_redhat_00003.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"defaultStatus":"affected","packageName":"eap8-jaxb","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","vendor":"Red 
Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:4.0.6-1.redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"defaultStatus":"affected","packageName":"eap8-jcip-annotations","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.0.0-3.redhat_00009.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"defaultStatus":"affected","packageName":"eap8-slf4j-jboss-logmanager","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.0.2-1.Final_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"defaultStatus":"affected","packageName":"eap8-undertow","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.3.23-1.SP3_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"unaffected","packageName":"undertow-core","product":"Red Hat JBoss Enterprise Application Platform 8.1","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"defaultStatus":"affected","packageName":"eap8-apache-cxf","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","vendor":"Red 
Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:4.0.10-1.redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"defaultStatus":"affected","packageName":"eap8-bouncycastle","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.82.0-1.redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"defaultStatus":"affected","packageName":"eap8-eap-product-conf-parent","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:801.3.0-1.GA_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"defaultStatus":"affected","packageName":"eap8-eventstream","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.0.1-3.redhat_00003.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"defaultStatus":"affected","packageName":"eap8-hibernate","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","vendor":"Red 
Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:6.6.36-1.Final_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"defaultStatus":"affected","packageName":"eap8-jboss-el-api_5.0_spec","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:4.0.2-1.Final_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"defaultStatus":"affected","packageName":"eap8-jboss-threads","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.5.0-1.redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"defaultStatus":"affected","packageName":"eap8-undertow","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.3.20-2.SP4_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"defaultStatus":"affected","packageName":"eap8-wildfly","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","vendor":"Red 
Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:8.1.3-4.GA_redhat_00006.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"defaultStatus":"affected","packageName":"eap8-wildfly-clustering","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:5.0.12-1.Final_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"defaultStatus":"affected","packageName":"eap8-wildfly-elytron","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.6.6-1.Final_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"defaultStatus":"affected","packageName":"eap8-wildfly-javadocs","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:8.1.1-4.GA_redhat_00007.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"defaultStatus":"affected","packageName":"eap8-apache-cxf","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","vendor":"Red 
Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:4.0.10-1.redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"defaultStatus":"affected","packageName":"eap8-bouncycastle","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.82.0-1.redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"defaultStatus":"affected","packageName":"eap8-eap-product-conf-parent","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:801.3.0-1.GA_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"defaultStatus":"affected","packageName":"eap8-eventstream","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.0.1-3.redhat_00003.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"defaultStatus":"affected","packageName":"eap8-hibernate","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","vendor":"Red 
Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:6.6.36-1.Final_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"defaultStatus":"affected","packageName":"eap8-jboss-el-api_5.0_spec","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:4.0.2-1.Final_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"defaultStatus":"affected","packageName":"eap8-jboss-threads","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.5.0-1.redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"defaultStatus":"affected","packageName":"eap8-undertow","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.3.20-2.SP4_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"defaultStatus":"affected","packageName":"eap8-wildfly","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","vendor":"Red 
Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:8.1.3-4.GA_redhat_00006.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"defaultStatus":"affected","packageName":"eap8-wildfly-clustering","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:5.0.12-1.Final_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"defaultStatus":"affected","packageName":"eap8-wildfly-elytron","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.6.6-1.Final_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"defaultStatus":"affected","packageName":"eap8-wildfly-javadocs","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:8.1.1-4.GA_redhat_00007.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:apache_camel_hawtio:4"],"defaultStatus":"unaffected","packageName":"undertow-core","product":"Red Hat build of Apache Camel - HawtIO 4","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_data_grid:8"],"defaultStatus":"affected","packageName":"undertow-core","product":"Red Hat Data Grid 8","vendor":"Red 
Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:10"],"defaultStatus":"unaffected","packageName":"moditect","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:8"],"defaultStatus":"unaffected","packageName":"pki-core:10.6/resteasy","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:8"],"defaultStatus":"unaffected","packageName":"pki-deps:10.6/resteasy","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:9"],"defaultStatus":"unaffected","packageName":"resteasy","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_fuse:7"],"defaultStatus":"affected","packageName":"undertow-core","product":"Red Hat Fuse 7","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7"],"defaultStatus":"affected","packageName":"undertow-core","product":"Red Hat JBoss Enterprise Application Platform 7","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8"],"defaultStatus":"unaffected","packageName":"org.jberet-jberet-parent","product":"Red Hat JBoss Enterprise Application Platform 8","vendor":"Red 
Hat"},{"collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8"],"defaultStatus":"unaffected","packageName":"org.jboss.eap-jboss-eap-xp","product":"Red Hat JBoss Enterprise Application Platform 8","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","cpes":["cpe:/a:redhat:jbosseapxp"],"defaultStatus":"affected","packageName":"org.jboss.eap-jboss-eap-xp","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","cpes":["cpe:/a:redhat:jbosseapxp"],"defaultStatus":"unaffected","packageName":"undertow-core","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"],"defaultStatus":"affected","packageName":"undertow-core","product":"Red Hat Process Automation 7","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7"],"defaultStatus":"affected","packageName":"undertow-core","product":"Red Hat Single Sign-On 7","vendor":"Red Hat"}],"datePublic":"2025-09-01T06:21:54.614Z","descriptions":[{"lang":"en","value":"A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. 
While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS)."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-770","description":"Allocation of Resources Without Limits or Throttling","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-30T02:46:43.628Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"RHSA-2025:23143","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:23143"},{"name":"RHSA-2026:0383","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:0383"},{"name":"RHSA-2026:0384","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:0384"},{"name":"RHSA-2026:0386","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:0386"},{"name":"RHSA-2026:33371","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:33371"},{"name":"RHSA-2026:33372","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:33372"},{"name":"RHSA-2026:3889","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:3889"},{"name":"RHSA-2026:3891","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:3891"},{"name":
"RHSA-2026:3892","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:3892"},{"name":"RHSA-2026:4915","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:4915"},{"name":"RHSA-2026:4916","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:4916"},{"name":"RHSA-2026:4917","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:4917"},{"name":"RHSA-2026:4924","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:4924"},{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2025-9784"},{"name":"RHBZ#2392306","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2392306"},{"url":"https://github.com/undertow-io/undertow/pull/1778"},{"url":"https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final"},{"url":"https://issues.redhat.com/browse/UNDERTOW-2598"},{"url":"https://kb.cert.org/vuls/id/767506"}],"timeline":[{"lang":"en","time":"2025-09-01T06:19:20.938Z","value":"Reported to Red Hat."},{"lang":"en","time":"2025-09-01T06:21:54.614Z","value":"Made public."}],"title":"Undertow: undertow madeyoureset http/2 ddos vulnerability","workarounds":[{"lang":"en","value":"No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability."}],"x_generator":{"engine":"cvelib 1.8.0"},"x_redhatCweChain":"CWE-770: Allocation of Resources Without Limits or 
Throttling"}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2025-9784","datePublished":"2025-09-02T13:37:59.772Z","dateReserved":"2025-09-01T06:33:05.239Z","dateUpdated":"2026-06-30T02:46:43.628Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-09-02 14:15:36","lastModifiedDate":"2026-06-30 03:17:01","problem_types":["CWE-770","CWE-404","CWE-770 Allocation of Resources Without Limits or Throttling","CWE-404 CWE-404 Improper Resource Shutdown or Release"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-09-02T13:55:22.694531Z","id":"CVE-2025-9784","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA 
Coordinator","version":"2.0.3"}}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:build_of_apache_camel_for_spring_boot:-:*:*:*:*:*:*:*","matchCriteriaId":"EDE67672-8894-448B-84B5-3CD3610A8117"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:fuse:7.0.0:*:*:*:*:*:*:*","matchCriteriaId":"AAD91726-93D9-4230-BF69-6A79B58E09E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*","matchCriteriaId":"72A54BDA-311C-413B-8E4D-388AD65A170A"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:8.0.0:*:*:*:*:*:*:*","matchCriteriaId":"0D8BC03A-4198-4488-946B-3F6B43962942"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:*:*:*:*:*:*:*","matchCriteriaId":"0A24CBFB-4900-47A5-88D2-A44C929603DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"20A6B40D-F991-4712-8E30-5FE008505CB7"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*","matchCriteriaId":"9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:undertow:-:*:*:*:*:*:*:*","matchCriteriaId":"8190B427-8350-43AE-8F54-6A40B701C95E"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*","matchCriteriaId":"053C1B35-3869-41C2-9551-044182DE0A64"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"9784","Ordinal":"1","Title":"Undertow: undertow madeyoureset http/2 ddos vulnerability","CVE":"CVE-2025-9784","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"9784","Ordinal":"1","NoteData":"A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. 
This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).","Type":"Description","Title":"Undertow: undertow madeyoureset http/2 ddos vulnerability"}]}}}