VDB

CVE-2024-4027

CVE-2024-4027 PUBLISHED CVSS 7.5 HIGH

A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service (DoS) attack.

EPSS 0.38% · 59.8th percentile

Risk Scores

CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.38%
59.8th percentile

Affected Products

VendorProductVersions
Red HatRed Hat Single Sign-On 7
Red HatRed Hat build of Apache Camel 4 for Quarkus 3
Red HatRed Hat JBoss Enterprise Application Platform 8
Red HatRed Hat Data Grid 8
Red HatRed Hat JBoss Enterprise Application Platform Expansion Pack
Red HatRed Hat JBoss Fuse Service Works 6
Red HatRed Hat build of Apicurio Registry 2
Red HatRed Hat Fuse 7
Red HatRed Hat build of Quarkus
Red HatOpenShift Serverless
Red HatRed Hat build of Apache Camel for Spring Boot 4
Red HatRed Hat JBoss Enterprise Application Platform 7
Red HatRed Hat build of Apache Camel for Spring Boot 3
Mavenio.undertow:undertow-core2.3.0.Alpha1, 2.3.0, 2.4.0
Red HatRed Hat build of Apache Camel - HawtIO 4
Red HatRed Hat JBoss Data Grid 7
Red HatRed Hat Integration Camel K 1
Red HatRed Hat Build of Keycloak
Red HatRed Hat build of OptaPlanner 8
Red HatRed Hat Process Automation 7

…and 1 more

Timeline

  • Jan 30, 2026 CVE Published
  • Jan 31, 2026 EPSS Score
  • Jan 31, 2026 PoC Published
  • Feb 2, 2026 EPSS Score
  • Feb 5, 2026 EPSS Score
  • Feb 7, 2026 EPSS Score
  • Feb 9, 2026 EPSS Score
  • Feb 12, 2026 EPSS Score
  • Feb 14, 2026 EPSS Score
  • Feb 16, 2026 EPSS Score
  • Feb 19, 2026 EPSS Score
  • Feb 21, 2026 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›