Bug 2392306 (CVE-2025-9784) - CVE-2025-9784 undertow: Undertow MadeYouReset HTTP/2 DDoS Vulnerability
Summary: CVE-2025-9784 undertow: Undertow MadeYouReset HTTP/2 DDoS Vulnerability
Keywords:
Status: NEW
Alias: CVE-2025-9784
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2392309 2392308
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-09-01 06:34 UTC by OSIDB Bzimport
Modified: 2026-03-18 13:55 UTC (History)
46 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2025:23143 0 None None None 2025-12-11 20:15:40 UTC
Red Hat Product Errata RHSA-2026:0383 0 None None None 2026-01-08 16:54:54 UTC
Red Hat Product Errata RHSA-2026:0384 0 None None None 2026-01-08 16:55:19 UTC
Red Hat Product Errata RHSA-2026:0386 0 None None None 2026-01-08 16:53:59 UTC
Red Hat Product Errata RHSA-2026:3889 0 None None None 2026-03-05 13:36:18 UTC
Red Hat Product Errata RHSA-2026:3891 0 None None None 2026-03-05 13:34:52 UTC
Red Hat Product Errata RHSA-2026:3892 0 None None None 2026-03-05 13:34:23 UTC
Red Hat Product Errata RHSA-2026:4915 0 None None None 2026-03-18 13:15:25 UTC
Red Hat Product Errata RHSA-2026:4916 0 None None None 2026-03-18 13:16:45 UTC
Red Hat Product Errata RHSA-2026:4917 0 None None None 2026-03-18 13:17:08 UTC
Red Hat Product Errata RHSA-2026:4924 0 None None None 2026-03-18 13:55:29 UTC

Description OSIDB Bzimport 2025-09-01 06:34:39 UTC 
HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames
Comment 1 errata-xmlrpc 2025-12-11 20:15:36 UTC 
This issue has been addressed in the following products:

  Red Hat build of Apache Camel 4.14.2 for Spring Boot 3.5.8

Via RHSA-2025:23143 https://access.redhat.com/errata/RHSA-2025:23143
Comment 2 errata-xmlrpc 2026-01-08 16:53:55 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.1

Via RHSA-2026:0386 https://access.redhat.com/errata/RHSA-2026:0386
Comment 3 errata-xmlrpc 2026-01-08 16:54:49 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8

Via RHSA-2026:0383 https://access.redhat.com/errata/RHSA-2026:0383
Comment 4 errata-xmlrpc 2026-01-08 16:55:14 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9

Via RHSA-2026:0384 https://access.redhat.com/errata/RHSA-2026:0384
Comment 6 errata-xmlrpc 2026-03-05 13:34:18 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.0

Via RHSA-2026:3892 https://access.redhat.com/errata/RHSA-2026:3892
Comment 7 errata-xmlrpc 2026-03-05 13:34:47 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9

Via RHSA-2026:3891 https://access.redhat.com/errata/RHSA-2026:3891
Comment 8 errata-xmlrpc 2026-03-05 13:36:14 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Via RHSA-2026:3889 https://access.redhat.com/errata/RHSA-2026:3889
Comment 9 errata-xmlrpc 2026-03-18 13:15:20 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7

Via RHSA-2026:4915 https://access.redhat.com/errata/RHSA-2026:4915
Comment 10 errata-xmlrpc 2026-03-18 13:16:41 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8

Via RHSA-2026:4916 https://access.redhat.com/errata/RHSA-2026:4916
Comment 11 errata-xmlrpc 2026-03-18 13:17:03 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9

Via RHSA-2026:4917 https://access.redhat.com/errata/RHSA-2026:4917
Comment 12 errata-xmlrpc 2026-03-18 13:55:24 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4

Via RHSA-2026:4924 https://access.redhat.com/errata/RHSA-2026:4924
Note You need to log in before you can comment on or make changes to this bug.