CVE-2024-3884

Severity: High
CVSS v3 Base Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.8% (exploitation probability in 30 days; top 26% most likely to be exploited)

Attack Characteristics

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Confidentiality: None
Integrity: None
Availability: High

Published: December 3, 2025 (162 days ago)
Last Modified: March 30, 2026
Vendor: Apache
Source: MITRE

Description

A flaw was found in Undertow that can lead to remote denial of service. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoded as application/x-www-form-urlencoded, the method causes an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS).

CWE

CWE-20

Affected Products

Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
Red Hat JBoss Enterprise Application Platform 7.4
Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7
Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8
Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9
Red Hat JBoss Enterprise Application Platform 8.0
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
Red Hat JBoss Enterprise Application Platform 8.1

References