Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-9784 PoC — Undertow: undertow madeyoureset http/2 ddos vulnerability

Source
https://github.com/drackyjr/CVE-2025-9784
Associated Vulnerability
Title:Undertow: undertow madeyoureset http/2 ddos vulnerability (CVE-2025-9784)
Description:A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).
Readme
# CVE-2025-9784 MadeYouReset HTTP/2 Vulnerability Test

## Overview

This repository contains a simple and effective bash script to test for the CVE-2025-9784 vulnerability (known as the "MadeYouReset" HTTP/2 Denial of Service (DoS) attack) in Undertow HTTP/2 server implementations. The vulnerability allows attackers to induce excessive server workload by repeatedly causing server-side stream resets, leading to potential service disruption.

## Features

- Detects if the target server supports HTTP/2 protocol.
- Measures baseline response times.
- Simulates rapid concurrent HTTP/2 stream creation to trigger resets.
- Analyzes server response behaviors under load.
- Provides a straightforward vulnerability assessment report.

## Getting Started

### Prerequisites

- Bash shell (Linux, macOS, WSL)
- `curl` with HTTP/2 support
- Optional: `bc` for floating-point arithmetic (most Linux distros include this by default)

### Usage

1. Clone or download this repository.
2. Make the script executable:
```
chmod +x cve-2025-9784-test.sh
```
4. Run the script against a target URL:
```
./cve-2025-9784-test.sh https://target-website.com
```


### Output

- The script will output test progress and results, highlighting if any signs of potential vulnerability are detected.
- It checks the server's HTTP/2 capability, baseline response times, and simulates attack conditions.
- Final assessment notes if the server might be vulnerable based on response failure and delay patterns.

## Important Notes

- Only test against systems you own or have explicit permission to assess.
- This script does **not** exploit the vulnerability but stresses the server to observe response anomalies.
- The vulnerability affects certain Undertow server implementations primarily found in Red Hat products and other Java-based servers.
- For more details on the vulnerability, visit the official advisory: [Red Hat CVE-2025-9784](https://access.redhat.com/security/cve/CVE-2025-9784)

## Contributing

Contributions, issues, and feature requests are welcome! Feel free to fork the repository and submit pull requests.


## Disclaimer

This tool is for educational and authorized security testing purposes only. The author is not responsible for any misuse or damage caused by this script.

---
File Snapshot

 [4.0K]  /data/pocs/1482d46ce173848bec85a9a9e7fae479ca93b666
├── [3.6K]  cve-2025-9784-test.sh
├── [1.0K]  LICENSE
└── [2.2K]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →