Primary

Context

Undertow Remote Denial-of-Service Vulnerability

Vulnerability

A remote denial-of-service vulnerability has been identified in Undertow. The issue arises in the FormEncodedDataDefinition.doParse(StreamSourceChannel) method when parsing large form data encoded as application/x-www-form-urlencoded. This processing can lead to an OutOfMemory error, allowing unauthorized users to cause a remote denial-of-service condition.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the server to run out of memory and potentially crash or become unresponsive.

Remediation

To mitigate this vulnerability, implement an upper-level verification to ensure that the size of the content sent to the server is within acceptable limits.

Added: Dec 3, 2025, 7:25 PM

Updated: Dec 3, 2025, 7:25 PM

Vulnerability Rating

Custom Algorithm

spread

6.4

impact

2.5

exploitability

7.6

remediation

7.9

relevance

1.2

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.4

impact

2.5

exploitability

7.6

remediation

7.9

relevance

1.2

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Undertow Remote Denial-of-Service Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Red Hat Undertow

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating