Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2025-9784 PoC — Undertow: undertow madeyoureset http/2 ddos vulnerability

Source
https://github.com/drackyjr/CVE-2025-9784
Associated Vulnerability
Title:Undertow: undertow madeyoureset http/2 ddos vulnerability (CVE-2025-9784)
Description:A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).
Readme
# CVE-2025-9784 MadeYouReset HTTP/2 Vulnerability Test

## Overview

This repository contains a simple and effective bash script to test for the CVE-2025-9784 vulnerability (known as the "MadeYouReset" HTTP/2 Denial of Service (DoS) attack) in Undertow HTTP/2 server implementations. The vulnerability allows attackers to induce excessive server workload by repeatedly causing server-side stream resets, leading to potential service disruption.

## Features

- Detects if the target server supports HTTP/2 protocol.
- Measures baseline response times.
- Simulates rapid concurrent HTTP/2 stream creation to trigger resets.
- Analyzes server response behaviors under load.
- Provides a straightforward vulnerability assessment report.

## Getting Started

### Prerequisites

- Bash shell (Linux, macOS, WSL)
- `curl` with HTTP/2 support
- Optional: `bc` for floating-point arithmetic (most Linux distros include this by default)

### Usage

1. Clone or download this repository.
2. Make the script executable:
```
chmod +x cve-2025-9784-test.sh
```
4. Run the script against a target URL:
```
./cve-2025-9784-test.sh https://target-website.com
```


### Output

- The script will output test progress and results, highlighting if any signs of potential vulnerability are detected.
- It checks the server's HTTP/2 capability, baseline response times, and simulates attack conditions.
- Final assessment notes if the server might be vulnerable based on response failure and delay patterns.

## Important Notes

- Only test against systems you own or have explicit permission to assess.
- This script does **not** exploit the vulnerability but stresses the server to observe response anomalies.
- The vulnerability affects certain Undertow server implementations primarily found in Red Hat products and other Java-based servers.
- For more details on the vulnerability, visit the official advisory: [Red Hat CVE-2025-9784](https://access.redhat.com/security/cve/CVE-2025-9784)

## Contributing

Contributions, issues, and feature requests are welcome! Feel free to fork the repository and submit pull requests.


## Disclaimer

This tool is for educational and authorized security testing purposes only. The author is not responsible for any misuse or damage caused by this script.

---
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →