Project Subscriptions
| Vendors | Products |
|---|---|
|
Redhat
Subscribe
|
Build Of Apache Camel - Hawtio
Subscribe
Build Of Apache Camel For Spring Boot
Subscribe
Data Grid
Subscribe
Enterprise Linux
Subscribe
Fuse
Subscribe
Jboss Enterprise Application Platform
Subscribe
Jboss Enterprise Application Platform Expansion Pack
Subscribe
Process Automation
Subscribe
Red Hat Single Sign On
Subscribe
Single Sign-on
Subscribe
Undertow
Subscribe
|
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-3x3v-w654-m28m | Undertow: Denial of Service via Multipart/Form-Data Parsing on HTTP GET Requests |
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Tue, 07 Jul 2026 21:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Undertow: undertow: denial of service due to premature multipart/form-data parsing in get requests | undertow: Undertow: Denial of Service due to premature multipart/form-data parsing in GET requests |
| Metrics |
ssvc
|
Tue, 07 Jul 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like `getParameterMap()`, the server prematurely parses and stores this content to disk. This could lead to resource exhaustion, potentially resulting in a Denial of Service (DoS). | The Undertow web server enforces a default maximum HTTP request entity size limit. Any request (including GET or HEAD) containing a body that exceeds this configurable limit is safely dropped by the server, preventing single-request Resource Exhaustion (Out of Memory) Denial of Service attacks. |
| CPEs | cpe:/a:redhat:camel_spring_boot:4 cpe:/a:redhat:jboss_data_grid:8 cpe:/a:redhat:jboss_enterprise_application_platform:7 cpe:/a:redhat:jboss_enterprise_application_platform:8 cpe:/a:redhat:jboss_enterprise_bpms_platform:7 cpe:/a:redhat:jboss_fuse:7 cpe:/a:redhat:jbosseapxp cpe:/a:redhat:red_hat_single_sign_on:7 cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 |
|
| Vendors & Products |
Redhat apache Camel Hawtio
Redhat camel Spring Boot Redhat jboss Data Grid Redhat jboss Enterprise Bpms Platform Redhat jboss Fuse Redhat jbosseapxp |
Wed, 08 Apr 2026 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Redhat single Sign-on
|
|
| CPEs | cpe:2.3:a:redhat:build_of_apache_camel_-_hawtio:4.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:build_of_apache_camel_for_spring_boot:4.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:data_grid:8.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:fuse:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_enterprise_application_platform:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:undertow:-:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* |
|
| Vendors & Products |
Redhat single Sign-on
|
Thu, 26 Mar 2026 13:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 24 Mar 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Tue, 24 Mar 2026 10:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Redhat build Of Apache Camel - Hawtio
Redhat build Of Apache Camel For Spring Boot Redhat data Grid Redhat fuse Redhat jboss Enterprise Application Platform Expansion Pack Redhat process Automation Redhat undertow |
|
| Vendors & Products |
Redhat build Of Apache Camel - Hawtio
Redhat build Of Apache Camel For Spring Boot Redhat data Grid Redhat fuse Redhat jboss Enterprise Application Platform Expansion Pack Redhat process Automation Redhat undertow |
Tue, 24 Mar 2026 04:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like `getParameterMap()`, the server prematurely parses and stores this content to disk. This could lead to resource exhaustion, potentially resulting in a Denial of Service (DoS). | |
| Title | Undertow: undertow: denial of service due to premature multipart/form-data parsing in get requests | |
| First Time appeared |
Redhat
Redhat apache Camel Hawtio Redhat camel Spring Boot Redhat enterprise Linux Redhat jboss Data Grid Redhat jboss Enterprise Application Platform Redhat jboss Enterprise Bpms Platform Redhat jboss Fuse Redhat jbosseapxp Redhat red Hat Single Sign On |
|
| Weaknesses | CWE-770 | |
| CPEs | cpe:/a:redhat:apache_camel_hawtio:4 cpe:/a:redhat:camel_spring_boot:4 cpe:/a:redhat:jboss_data_grid:8 cpe:/a:redhat:jboss_enterprise_application_platform:7 cpe:/a:redhat:jboss_enterprise_application_platform:8 cpe:/a:redhat:jboss_enterprise_bpms_platform:7 cpe:/a:redhat:jboss_fuse:7 cpe:/a:redhat:jbosseapxp cpe:/a:redhat:red_hat_single_sign_on:7 cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 |
|
| Vendors & Products |
Redhat
Redhat apache Camel Hawtio Redhat camel Spring Boot Redhat enterprise Linux Redhat jboss Data Grid Redhat jboss Enterprise Application Platform Redhat jboss Enterprise Bpms Platform Redhat jboss Fuse Redhat jbosseapxp Redhat red Hat Single Sign On |
|
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: REJECTED
Assigner: redhat
Published:
Updated: 2026-07-07T19:50:22.087Z
Reserved: 2026-02-26T14:22:15.920Z
Link: CVE-2026-3260
Updated:
Status : Analyzed
Published: 2026-03-24T05:16:24.073
Modified: 2026-06-17T10:43:17.557
Link: CVE-2026-3260
OpenCVE Enrichment
Updated: 2026-04-09T08:29:38Z
Github GHSA