A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).
Published: 2025-09-02
CVSS: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Download Exploit for CVE-2025-9784 here:
Tip: Download official Tor Browser at https://www.torproject.org/download/ to access .onion links.
https://augustaverburg.nl/exploit-99-cve-2024-10963/
https://augustaverburg.nl/exploit-493-cve-2016-4117/
https://augustaverburg.nl/exploit-337-cve-2020-25213/
https://augustaverburg.nl/exploit-648-cve-2005-1794/
https://augustaverburg.nl/exploit-30-cve-2024-54024/