Home
HIGH: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HDefault status
unknown
Default status
unknown
Default status
unknown
Default status
unknown
Default status
unknown
Default status
affected
Default status
unknown
Default status
unknown
Default status
unknown
Default status
unaffected
Default status
affected
Default status
affected
Default status
unknown
Default status
unaffected
Default status
unaffected
Default status
unaffected
Default status
unknown
Default status
affected
Default status
unaffected
Default status
unknown
Description
A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service (DoS) attack.
Problem types
Product status
Timeline
| 2024-04-22: | Reported to Red Hat. |
| 2026-01-30: | Made public. |
References
access.redhat.com/security/cve/CVE-2024-4027
bugzilla.redhat.com/show_bug.cgi?id=2276410 (RHBZ#2276410)