-
Bug
-
Resolution: Done
-
Major
-
None
-
None
-
None
HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames
- is incorporated by
-
WFCORE-7375 Upgrade Undertow from 2.3.18.Final to 2.3.20.Final (resolves CVE-2024-4109, CVE-2025-9784)
-
- Resolved
-
- relates to
-
UNDERTOW-2628 Add a block list of malicious attackers per ip address
-
- Open
-
-
WFLY-21028 Support a block list of malicious remote attackers
-
- Open
-
-
UNDERTOW-2625 Connectors.isTokenCharacter throws ArrayIndexOutOfBounds
-
- Open
-
-
UNDERTOW-2624 Http2FrameHeaderParser throws ClassCastException when parsing a push promise frame
-
- Coding In Progress
-
-
UNDERTOW-2623 Http2DataStreamSinkChannel.generateSendFrameHeader can be invoked twice
-
- Coding In Progress
-