VulnerableCode Package Details - pkg:maven/io.undertow/undertow-core@2.2.38.Final

Search for packages

Vulnerability	Summary	Fixed by
VCID-5585-a76n-zubf Aliases: CVE-2023-5379	Allocation of Resources Without Limits or Throttling A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).	2.3.11.Final Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-5585-a76n-zubf
Aliases:
CVE-2023-5379

Allocation of Resources Without Limits or Throttling A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).

2.3.11.Final
Affected by 4 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-ns3p-22xg-q3bz	Undertow MadeYouReset HTTP/2 DDoS Vulnerability A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).	CVE-2025-9784 GHSA-95h4-w6j8-2rp8

Vulnerability

Summary

Aliases

VCID-ns3p-22xg-q3bz

Undertow MadeYouReset HTTP/2 DDoS Vulnerability A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).

CVE-2025-9784
GHSA-95h4-w6j8-2rp8

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:39:47.505144+00:00	GitLab Importer	Fixing	VCID-ns3p-22xg-q3bz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2025-9784.yml	38.4.0
2026-04-16T22:45:20.483010+00:00	GitLab Importer	Affected by	VCID-5585-a76n-zubf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2023-5379.yml	38.4.0
2026-04-12T01:00:31.750427+00:00	GitLab Importer	Fixing	VCID-ns3p-22xg-q3bz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2025-9784.yml	38.3.0
2026-04-12T00:04:58.545829+00:00	GitLab Importer	Affected by	VCID-5585-a76n-zubf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2023-5379.yml	38.3.0
2026-04-07T04:58:39.601585+00:00	GHSA Importer	Fixing	VCID-ns3p-22xg-q3bz	https://github.com/advisories/GHSA-95h4-w6j8-2rp8	38.1.0
2026-04-03T01:08:43.456979+00:00	GitLab Importer	Fixing	VCID-ns3p-22xg-q3bz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2025-9784.yml	38.1.0
2026-04-03T00:09:39.709507+00:00	GitLab Importer	Affected by	VCID-5585-a76n-zubf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2023-5379.yml	38.1.0
2026-04-02T12:42:06.379428+00:00	GitLab Importer	Fixing	VCID-ns3p-22xg-q3bz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2025-9784.yml	38.0.0
2026-04-01T12:55:02.927326+00:00	GithubOSV Importer	Fixing	VCID-ns3p-22xg-q3bz	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/09/GHSA-95h4-w6j8-2rp8/GHSA-95h4-w6j8-2rp8.json	38.0.0