CVE-2024-4027

Name of the Vulnerable Software and Affected Versions Undertow (affected versions not specified)

Description A flaw exists in Undertow where servlets utilizing a method that calls HttpServletRequestImpl.getParameterNames() may experience an OutOfMemoryError when handling client requests with excessively large parameter names. This condition can be leveraged by an unauthorized attacker to initiate a remote denial-of-service (DoS) attack. The vulnerable function is getParameterNames().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.