Description
A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).
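The accounting gap described above, as an added example (not Undertow's code): a per-connection sliding-window budget that charges stream resets to the connection whether the client sent the reset or the server aborted the stream in response to a malformed request. The class name, thresholds and the `initiator` labels are assumptions for illustration.

```python
from collections import deque


class ResetBudget:
    """Per-connection sliding-window budget for stream resets (hypothetical helper)."""

    def __init__(self, max_resets=100, window_seconds=30.0, count_server_resets=True):
        self.max_resets = max_resets            # assumed threshold
        self.window_seconds = window_seconds    # assumed window
        # False models a counter that only sees client-sent resets.
        self.count_server_resets = count_server_resets
        self._events = deque()

    def record_reset(self, now, initiator):
        """Record one reset; return True when the connection should be closed."""
        if initiator not in ("client", "server"):
            raise ValueError("initiator must be 'client' or 'server'")
        if initiator == "server" and not self.count_server_resets:
            return False  # the blind spot: server-side aborts cost the client nothing
        self._events.append(now)
        cutoff = now - self.window_seconds
        # Drop resets that have aged out of the window.
        while self._events and self._events[0] <= cutoff:
            self._events.popleft()
        return len(self._events) > self.max_resets


def first_trip(budget, events):
    """Return the index of the event at which the budget trips, or None."""
    for index, (timestamp, initiator) in enumerate(events):
        if budget.record_reset(timestamp, initiator):
            return index
    return None


# Constructed sample: one connection whose malformed requests make the
# server abort 500 streams within 5 seconds.
SAMPLE = [(i * 0.01, "server") for i in range(500)]

if __name__ == "__main__":
    print("client-only counter trips at:", first_trip(ResetBudget(count_server_resets=False), SAMPLE))
    print("counter charging server resets trips at:", first_trip(ResetBudget(), SAMPLE))
```
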