Related vulnerability
Description
# CVE-2025-9784 MadeYouReset HTTP/2 Vulnerability Test
## Overview
This repository contains a simple bash script to test for CVE-2025-9784 (the "MadeYouReset" HTTP/2 denial-of-service attack) in Undertow HTTP/2 server implementations. In MadeYouReset, a client sends frames that make the server reset streams it has already started processing; because a reset stream no longer counts toward the concurrent-stream limit, the client can keep the server busy with unbounded work and disrupt service.
## Features
- Detects if the target server supports HTTP/2 protocol.
- Measures baseline response times.
- Simulates rapid concurrent HTTP/2 stream creation to trigger resets.
- Analyzes server response behaviors under load.
- Provides a straightforward vulnerability assessment report.
## Getting Started
### Prerequisites
- Bash shell (Linux, macOS, WSL)
- `curl` with HTTP/2 support
- Optional: `bc` for floating-point arithmetic (most Linux distros include this by default)
### Usage
1. Clone or download this repository.
2. Make the script executable:
```
chmod +x cve-2025-9784-test.sh
```
3. Run the script against a target URL:
```
./cve-2025-9784-test.sh https://target-website.com
```
### Output
- The script will output test progress and results, highlighting if any signs of potential vulnerability are detected.
- It checks the server's HTTP/2 capability, baseline response times, and simulates attack conditions.
- Final assessment notes if the server might be vulnerable based on response failure and delay patterns.
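The four stages described above (HTTP/2 check, baseline timing, a burst of concurrent requests, and a verdict based on failures and latency) can be sketched in a few shell functions. The block below is an added example written for this page, not the repository's `cve-2025-9784-test.sh`; the 3x latency and 20% failure thresholds, the burst size of 50, and the `SUSPECT`/`OK`/`ERROR` labels are assumptions chosen for illustration. The pure helper functions run offline; only `main` touches the network.

```bash
#!/usr/bin/env bash
# Added example (not the repo's script): a minimal HTTP/2 load probe with
# the same shape as the README describes. Thresholds and burst size are
# assumptions, not values taken from cve-2025-9784-test.sh.

TARGET="${1:-}"                              # e.g. https://target-website.com
CURL_OPTS="-s -o /dev/null --http2 --max-time 10"

# Pure: curl's %{http_version} write-out prints "2" when HTTP/2 was negotiated.
is_http2() {
  case "$1" in
    2|2.0) return 0 ;;
    *)     return 1 ;;
  esac
}

# Pure: seconds as printed by %{time_total} -> integer milliseconds (no bc needed).
secs_to_ms() {
  awk -v s="$1" 'BEGIN { printf "%d\n", s * 1000 }'
}

# Pure: lower median of the integer arguments; 0 when there are none.
median_ms() {
  [ "$#" -eq 0 ] && { echo 0; return 0; }
  printf '%s\n' "$@" | sort -n | sed -n "$(( ($# + 1) / 2 ))p"
}

# Pure verdict: SUSPECT when the burst median is >= 3x the baseline or >= 20%
# of burst requests failed (assumed thresholds). SUSPECT only means "degraded
# under load"; it is not proof that the server is vulnerable.
assess() {
  local base=$1 burst=$2 fails=$3 total=$4
  [ "$total" -gt 0 ] || { echo ERROR; return 0; }
  if [ "$base" -gt 0 ] && [ "$burst" -ge $(( base * 3 )) ]; then echo SUSPECT; return 0; fi
  if [ $(( fails * 100 / total )) -ge 20 ]; then echo SUSPECT; return 0; fi
  echo OK
}

# Network: does the target negotiate HTTP/2 at all?
probe_http2() {
  local ver
  ver=$(curl $CURL_OPTS -w '%{http_version}' "$1") || return 2
  is_http2 "$ver"
}

# Network: one timed request; prints milliseconds, prints nothing on failure.
timed_request_ms() {
  local t
  t=$(curl $CURL_OPTS -w '%{time_total}' "$1") || return 1
  secs_to_ms "$t"
}

# Network: fire N requests at once and print "<failures> <median_ms>".
# Each curl process opens its own connection, so this is N connections with
# one stream each rather than N streams multiplexed on one connection.
burst_round() {
  local url=$1 n=$2 dir fails=0 times="" i=1
  dir=$(mktemp -d)
  while [ "$i" -le "$n" ]; do
    ( timed_request_ms "$url" > "$dir/$i" || rm -f "$dir/$i" ) &
    i=$(( i + 1 ))
  done
  wait
  i=1
  while [ "$i" -le "$n" ]; do
    if [ -s "$dir/$i" ]; then times="$times $(cat "$dir/$i")"; else fails=$(( fails + 1 )); fi
    i=$(( i + 1 ))
  done
  rm -rf "$dir"
  echo "$fails $(median_ms $times)"
}

main() {
  local url=$1 n=50 times="" ms base result fails burst
  if ! probe_http2 "$url"; then
    echo "HTTP/2 not negotiated: MadeYouReset does not apply"; return 0
  fi
  for i in 1 2 3; do ms=$(timed_request_ms "$url") && times="$times $ms"; done
  base=$(median_ms $times)
  result=$(burst_round "$url" "$n")
  fails=${result%% *}; burst=${result##* }
  echo "baseline ${base}ms  burst median ${burst}ms  failures ${fails}/${n}"
  assess "$base" "$burst" "$fails" "$n"
}

if [ -n "$TARGET" ]; then main "$TARGET"; fi
```

Run it as `./probe.sh https://target-website.com`. To put all streams on a single HTTP/2 connection instead of one connection per process, the burst can be replaced by a single `curl --parallel` invocation with the URL repeated (curl 7.66 or later), which is closer to what a real MadeYouReset client does; either way the probe only generates ordinary requests and cannot tell a patched server from an unpatched one.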
## Important Notes
- Only test against systems you own or have explicit permission to assess.
- This script does **not** exploit the vulnerability; it only stresses the server with ordinary HTTP/2 requests and observes response anomalies. It does not send the frames that trigger server-side resets, so a clean result is not evidence that the server is patched.
- The vulnerability affects Undertow, the HTTP server used by JBoss EAP, WildFly and other Red Hat Java products.
- For more details on the vulnerability, visit the official advisory: [Red Hat CVE-2025-9784](https://access.redhat.com/security/cve/CVE-2025-9784)
## Contributing
Contributions, issues, and feature requests are welcome! Feel free to fork the repository and submit pull requests.
## Disclaimer
This tool is for educational and authorized security testing purposes only. The author is not responsible for any misuse or damage caused by this script.
---
File snapshot
```
[4.0K] /data/pocs/1482d46ce173848bec85a9a9e7fae479ca93b666
├── [3.6K] cve-2025-9784-test.sh
├── [1.0K] LICENSE
└── [2.2K] README.md
0 directories, 3 files
```
Notes
1. Access the original source first where possible.
2. If the source is gone or unreachable, e-mail f.jinxu#gmail.com (replace # with @) to request the local snapshot.
3. 神龙 has taken a snapshot of this POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.