CVE-2024-3884
Undertow: outofmemory when parsing form data encoding with application/x-www-form-urlencoded
Description
A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.
INFO
Published Date: Dec. 3, 2025, 7:15 p.m.
Last Modified: June 17, 2026, 7:45 a.m.
Remotely Exploitable: Yes
Source: [email protected]
Affected Products
The following products are affected by the CVE-2024-3884 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| | CVSS | | | | | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
| | CVSS 3.1 | HIGH | | | | 53f830b8-0a3f-465b-8143-3b8a9948e749 |
| | CVSS 3.1 | HIGH | | | | [email protected] |
Solution
- Update Undertow to the latest version.
- Configure maximum form data size.
- Monitor server memory usage.
The following table lists the changes that have been made to the CVE-2024-3884 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Jun. 17, 2026
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | SSVC | | {'id': 'CVE-2024-3884', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'none'}, {'automatable': 'yes'}, {'technicalImpact': 'partial'}], 'version': '2.0.3', 'timestamp': '2025-12-03T20:50:16.644717Z'} |
-
CVE Modified by [email protected]
Jun. 17, 2026
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Affected | | |
-
CVE Modified by [email protected]
Mar. 30, 2026
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | | https://access.redhat.com/errata/RHSA-2026:6011 |
| Added | Reference | | https://access.redhat.com/errata/RHSA-2026:6012 |
-
CVE Modified by [email protected]
Mar. 18, 2026
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | | https://access.redhat.com/errata/RHSA-2026:4915 |
| Added | Reference | | https://access.redhat.com/errata/RHSA-2026:4916 |
| Added | Reference | | https://access.redhat.com/errata/RHSA-2026:4917 |
| Added | Reference | | https://access.redhat.com/errata/RHSA-2026:4924 |
-
CVE Modified by [email protected]
Mar. 05, 2026
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | | https://access.redhat.com/errata/RHSA-2026:3889 |
| Added | Reference | | https://access.redhat.com/errata/RHSA-2026:3891 |
| Added | Reference | | https://access.redhat.com/errata/RHSA-2026:3892 |
-
CVE Modified by [email protected]
Jan. 26, 2026
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Removed | Reference | https://access.redhat.com/errata/RHSA-2025:3990 | |
| Removed | Reference | https://access.redhat.com/errata/RHSA-2025:3992 | |
-
CVE Modified by [email protected]
Jan. 21, 2026
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Removed | Reference | https://access.redhat.com/errata/RHSA-2025:22773 | |
| Removed | Reference | https://access.redhat.com/errata/RHSA-2025:22775 | |
| Removed | Reference | https://access.redhat.com/errata/RHSA-2025:22777 | |
-
CVE Modified by [email protected]
Jan. 13, 2026
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | | https://access.redhat.com/errata/RHSA-2026:0383 |
| Added | Reference | | https://access.redhat.com/errata/RHSA-2026:0384 |
| Added | Reference | | https://access.redhat.com/errata/RHSA-2026:0386 |
-
CVE Modified by [email protected]
Dec. 06, 2025
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | | https://access.redhat.com/errata/RHSA-2025:3990 |
| Added | Reference | | https://access.redhat.com/errata/RHSA-2025:3992 |
-
CVE Modified by [email protected]
Dec. 04, 2025
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | | https://access.redhat.com/errata/RHSA-2025:22775 |
-
CVE Modified by [email protected]
Dec. 04, 2025
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | | https://access.redhat.com/errata/RHSA-2025:22773 |
-
CVE Modified by [email protected]
Dec. 04, 2025
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | | https://access.redhat.com/errata/RHSA-2025:22777 |
-
New CVE Received by [email protected]
Dec. 03, 2025
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Description | | A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack. |
| Added | CVSS V3.1 | | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Added | CWE | | CWE-20 |
| Added | Reference | | https://access.redhat.com/security/cve/CVE-2024-3884 |
| Added | Reference | | https://bugzilla.redhat.com/show_bug.cgi?id=2275287 |