CVE-2024-4027

Summary

A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service (DoS) attack.

Affected Software

VendorProductVersion RangeStatus

Weaknesses

  • CWE-20: Improper Input Validation

Workarounds

Currently no mitigation is available for this vulnerability. Please make sure to perform the update as they become available.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

undertow: OutOfMemoryError in HttpServletRequestImpl.getParameterNames() can cause remote DoS attacks

Additional References

References