Skip to main content

Single Sign On

3 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-12543 Maven CRITICAL PATCH Act Now

Undertow HTTP server (used in WildFly, JBoss EAP) fails to validate Host headers, enabling cache poisoning, internal network scanning, and session hijacking. Affects a widely-used Java application server component.

Java Information Disclosure Red Hat Build Of Apache Camel Data Grid +6
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-9784 Maven HIGH PATCH This Week

Undertow, a Java web server used across Red Hat's JBoss Enterprise Application Platform, Fuse, and other middleware products, contains a vulnerability that allows attackers to trigger server-side HTTP/2 stream resets without incrementing abuse counters. This 'MadeYouReset' attack enables remote unauthenticated attackers to cause denial of service by repeatedly forcing the server to abort streams and perform unnecessary cleanup work. With an EPSS score of 1.17% (78th percentile), exploitation probability is moderate but rising, and patches have been released across multiple Red Hat product lines as of early 2025.

Denial Of Service Red Hat Build Of Apache Camel For Spring Boot Enterprise Linux Fuse +5
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-7341 Maven HIGH PATCH This Month

A session fixation issue was discovered in the SAML adapters provided by Keycloak. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Session Fixation Build Of Keycloak Keycloak Single Sign On
NVD GitHub
CVSS 3.1
7.1
EPSS
1.7%
CVE-2025-12543 Maven
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Undertow HTTP server (used in WildFly, JBoss EAP) fails to validate Host headers, enabling cache poisoning, internal network scanning, and session hijacking. Affects a widely-used Java application server component.

Java Information Disclosure Red Hat +8
NVD VulDB
CVE-2025-9784 Maven
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Undertow, a Java web server used across Red Hat's JBoss Enterprise Application Platform, Fuse, and other middleware products, contains a vulnerability that allows attackers to trigger server-side HTTP/2 stream resets without incrementing abuse counters. This 'MadeYouReset' attack enables remote unauthenticated attackers to cause denial of service by repeatedly forcing the server to abort streams and perform unnecessary cleanup work. With an EPSS score of 1.17% (78th percentile), exploitation probability is moderate but rising, and patches have been released across multiple Red Hat product lines as of early 2025.

Denial Of Service Red Hat Build Of Apache Camel For Spring Boot +7
NVD GitHub
CVE-2024-7341 Maven
EPSS 2% CVSS 7.1
HIGH PATCH This Month

A session fixation issue was discovered in the SAML adapters provided by Keycloak. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Session Fixation Build Of Keycloak +2
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy