[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2016-9589":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":86,"aliases":87,"duplicate_of":9,"upstream":89,"downstream":90,"duplicates":107,"related":108,"reserved_at":9,"published_at":109,"modified_at":110,"state":111,"summary":112,"references_raw":121,"kevs":198,"epss":199,"epss_history":202,"metrics":447,"affected":459},"CVE-2016-9589","Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily be exploited to fill memory with garbage, up to \"max-headers\" (default 200) * \"max-header-size\" (default 1MB) per active TCP connection.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-400","Uncontrolled Resource Consumption","The product does not properly control the allocation and maintenance of a limited resource.","weakness","Draft","Class","High",[20,24,82],{"id":21,"name":22,"techniques":23},"CAPEC-147","XML Ping of the Death",[],{"id":25,"name":26,"techniques":27},"CAPEC-227","Sustained Client Engagement",[28],{"id":29,"name":30,"tactics":31,"countermeasures":35},"T1499","Endpoint Denial of Service",[32],{"id":33,"name":34},"TA0105","Impact",[36,41,45,49,53,57,61,65,69,73,78],{"id":37,"name":38,"tactic":39},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":40},"Detect",{"id":42,"name":43,"tactic":44},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":40},{"id":46,"name":47,"tactic":48},"D3-CSPP","Client-server Payload Profiling",{"name":40},{"id":50,"name":51,"tactic":52},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":40},{"id":54,"name":55,"tactic":56},"D3-NTSA","Network Traffic Signature 
Analysis",{"name":40},{"id":58,"name":59,"tactic":60},"D3-APCA","Application Protocol Command Analysis",{"name":40},{"id":62,"name":63,"tactic":64},"D3-NTCD","Network Traffic Community Deviation",{"name":40},{"id":66,"name":67,"tactic":68},"D3-RTSD","Remote Terminal Session Detection",{"name":40},{"id":70,"name":71,"tactic":72},"D3-ISVA","Inbound Session Volume Analysis",{"name":40},{"id":74,"name":75,"tactic":76},"D3-NTF","Network Traffic Filtering",{"name":77},"Isolate",{"id":79,"name":80,"tactic":81},"D3-ITF","Inbound Traffic Filtering",{"name":77},{"id":83,"name":84,"techniques":85},"CAPEC-492","Regular Expression Exponential Blowup",[],[],[88],"GHSA-p4xg-cpr9-vwvj",[],[91,93,95,97,99,101,103,105],{"_key":92},"RHSA-2017:0831",{"_key":94},"RHSA-2017:0832",{"_key":96},"RHSA-2017:0834",{"_key":98},"RHSA-2017:0872",{"_key":100},"RHSA-2017:0873",{"_key":102},"RHSA-2017:3454",{"_key":104},"RHSA-2017:3455",{"_key":106},"RHSA-2017:3458",[],[],"2018-03-12T15:00:00.000Z","2024-08-06T02:59:02.944Z","Modified",{"cisa_kev":113,"cisa_ransomware":113,"cisa_vendor":9,"epss_severity":114,"epss_score":115,"severity":116,"severity_score":117,"severity_version":118,"severity_source":119,"severity_vector":120,"severity_status":111},false,"low",0.02193,"high",7.5,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[122,131,135,139,145,149,153,160,164,168,172,176,180,184,189,194],{"url":123,"sources":124,"tags":127},"http://rhn.redhat.com/errata/RHSA-2017-0831.html",[125,119,126],"cve.org","osv_maven",[128,129,130],"Vendor Advisory","X Refsource REDHAT","WEB",{"url":132,"sources":133,"tags":134},"http://rhn.redhat.com/errata/RHSA-2017-0876.html",[125,119,126],[128,129,130],{"url":136,"sources":137,"tags":138},"http://rhn.redhat.com/errata/RHSA-2017-0834.html",[125,119,126],[128,129,130],{"url":140,"sources":141,"tags":142},"https://bugzilla.redhat.com/show_bug.cgi?id=1404782",[125,119,126],[143,144,130],"X Refsource CONFIRM","Issue 
Tracking",{"url":146,"sources":147,"tags":148},"https://access.redhat.com/errata/RHSA-2017:3458",[125,119,126],[128,129,130],{"url":150,"sources":151,"tags":152},"http://rhn.redhat.com/errata/RHSA-2017-0832.html",[125,119,126],[128,129,130],{"url":154,"sources":155,"tags":156},"http://www.securityfocus.com/bid/97060",[125,119],[157,158,159],"VDB Entry","X Refsource BID","Third Party Advisory",{"url":161,"sources":162,"tags":163},"https://access.redhat.com/errata/RHSA-2017:3455",[125,119,126],[128,129,130],{"url":165,"sources":166,"tags":167},"https://access.redhat.com/errata/RHSA-2017:3456",[125,119,126],[128,129,130],{"url":169,"sources":170,"tags":171},"https://access.redhat.com/errata/RHSA-2017:0873",[125,119,126],[128,129,130],{"url":173,"sources":174,"tags":175},"https://access.redhat.com/errata/RHSA-2017:3454",[125,119,126],[128,129,130],{"url":177,"sources":178,"tags":179},"http://rhn.redhat.com/errata/RHSA-2017-0830.html",[125,119,126],[128,129,130],{"url":181,"sources":182,"tags":183},"https://access.redhat.com/errata/RHSA-2017:0872",[125,119,126],[128,129,130],{"url":185,"sources":186,"tags":187},"https://nvd.nist.gov/vuln/detail/CVE-2016-9589",[126],[188],"Advisory",{"url":190,"sources":191,"tags":192},"https://github.com/wildfly/wildfly",[126],[193],"PACKAGE",{"url":195,"sources":196,"tags":197},"https://web.archive.org/web/20200227180917/https://www.securityfocus.com/bid/97060",[126],[130],[],{"date":200,"score":115,"percentile":201},"2026-06-04",0.84704,[203,206,209,212,215,218,221,224,227,230,233,235,237,240,243,246,248,251,254,256,259,261,263,265,268,271,273,276,279,282,285,287,289,291,293,296,299,302,305,308,311,313,315,318,321,323,326,328,331,334,337,340,343,345,348,351,354,356,359,362,365,368,371,373,375,377,380,383,386,389,392,394,396,398,401,404,407,410,413,416,419,422,425,428,431,433,436,439,442,444],{"date":204,"score":115,"percentile":205},"2025-11-04",0.83834,{"date":207,"score":115,"percentile":208},"2025-11-05",0.83839,{"date":210,"score":
115,"percentile":211},"2025-11-06",0.83842,{"date":213,"score":115,"percentile":214},"2025-11-07",0.83847,{"date":216,"score":115,"percentile":217},"2025-11-08",0.83851,{"date":219,"score":115,"percentile":220},"2025-11-09",0.83845,{"date":222,"score":115,"percentile":223},"2025-11-10",0.83838,{"date":225,"score":115,"percentile":226},"2025-11-11",0.83843,{"date":228,"score":115,"percentile":229},"2025-11-12",0.83853,{"date":231,"score":115,"percentile":232},"2025-11-13",0.8386,{"date":234,"score":115,"percentile":232},"2025-11-14",{"date":236,"score":115,"percentile":229},"2025-11-15",{"date":238,"score":115,"percentile":239},"2025-11-16",0.83856,{"date":241,"score":115,"percentile":242},"2025-11-17",0.83855,{"date":244,"score":115,"percentile":245},"2025-11-18",0.83041,{"date":247,"score":115,"percentile":245},"2025-11-19",{"date":249,"score":115,"percentile":250},"2025-11-20",0.83047,{"date":252,"score":115,"percentile":253},"2025-11-21",0.83866,{"date":255,"score":115,"percentile":253},"2025-11-22",{"date":257,"score":115,"percentile":258},"2025-11-23",0.83857,{"date":260,"score":115,"percentile":258},"2025-11-24",{"date":262,"score":115,"percentile":229},"2025-11-25",{"date":264,"score":115,"percentile":229},"2025-11-26",{"date":266,"score":115,"percentile":267},"2025-11-27",0.83852,{"date":269,"score":115,"percentile":270},"2025-11-28",0.83841,{"date":272,"score":115,"percentile":242},"2025-11-29",{"date":274,"score":115,"percentile":275},"2025-11-30",0.83858,{"date":277,"score":115,"percentile":278},"2025-12-01",0.83929,{"date":280,"score":115,"percentile":281},"2025-12-02",0.8393,{"date":283,"score":115,"percentile":284},"2025-12-03",0.83931,{"date":286,"score":115,"percentile":232},"2025-12-04",{"date":288,"score":115,"percentile":253},"2025-12-05",{"date":290,"score":115,"percentile":253},"2025-12-06",{"date":292,"score":115,"percentile":258},"2025-12-07",{"date":294,"score":115,"percentile":295},"2025-12-08",0.83859,{"date":297,"score":115,"percentile":29
8},"2025-12-09",0.83872,{"date":300,"score":115,"percentile":301},"2025-12-10",0.83893,{"date":303,"score":115,"percentile":304},"2025-12-11",0.83907,{"date":306,"score":115,"percentile":307},"2025-12-12",0.83914,{"date":309,"score":115,"percentile":310},"2025-12-13",0.83909,{"date":312,"score":115,"percentile":310},"2025-12-14",{"date":314,"score":115,"percentile":310},"2025-12-15",{"date":316,"score":115,"percentile":317},"2025-12-16",0.83917,{"date":319,"score":115,"percentile":320},"2025-12-17",0.83923,{"date":322,"score":115,"percentile":278},"2025-12-18",{"date":324,"score":115,"percentile":325},"2025-12-19",0.83934,{"date":327,"score":115,"percentile":278},"2025-12-20",{"date":329,"score":115,"percentile":330},"2025-12-21",0.83928,{"date":332,"score":115,"percentile":333},"2025-12-22",0.83924,{"date":335,"score":115,"percentile":336},"2025-12-23",0.83926,{"date":338,"score":115,"percentile":339},"2025-12-24",0.83937,{"date":341,"score":115,"percentile":342},"2025-12-25",0.83953,{"date":344,"score":115,"percentile":342},"2025-12-26",{"date":346,"score":115,"percentile":347},"2025-12-27",0.83996,{"date":349,"score":115,"percentile":350},"2025-12-28",0.83938,{"date":352,"score":115,"percentile":353},"2025-12-29",0.83933,{"date":355,"score":115,"percentile":350},"2025-12-30",{"date":357,"score":115,"percentile":358},"2025-12-31",0.83952,{"date":360,"score":115,"percentile":361},"2026-01-01",0.8402,{"date":363,"score":115,"percentile":364},"2026-01-02",0.84018,{"date":366,"score":115,"percentile":367},"2026-01-03",0.84012,{"date":369,"score":115,"percentile":370},"2026-01-04",0.8394,{"date":372,"score":115,"percentile":325},"2026-01-05",{"date":374,"score":115,"percentile":370},"2026-01-06",{"date":376,"score":115,"percentile":339},"2026-01-07",{"date":378,"score":115,"percentile":379},"2026-01-08",0.83946,{"date":381,"score":115,"percentile":382},"2026-01-09",0.83947,{"date":384,"score":115,"percentile":385},"2026-01-10",0.83943,{"date":387,"score":115,"percentil
e":388},"2026-01-11",0.83941,{"date":390,"score":115,"percentile":391},"2026-01-12",0.83936,{"date":393,"score":115,"percentile":353},"2026-01-13",{"date":395,"score":115,"percentile":358},"2026-01-14",{"date":397,"score":115,"percentile":358},"2026-01-15",{"date":399,"score":115,"percentile":400},"2026-01-16",0.83962,{"date":402,"score":115,"percentile":403},"2026-01-17",0.83966,{"date":405,"score":115,"percentile":406},"2026-01-18",0.83961,{"date":408,"score":115,"percentile":409},"2026-01-19",0.83957,{"date":411,"score":115,"percentile":412},"2026-01-20",0.83959,{"date":414,"score":115,"percentile":415},"2026-01-21",0.83964,{"date":417,"score":115,"percentile":418},"2026-01-22",0.83968,{"date":420,"score":115,"percentile":421},"2026-01-23",0.83993,{"date":423,"score":115,"percentile":424},"2026-01-24",0.84002,{"date":426,"score":115,"percentile":427},"2026-01-25",0.83999,{"date":429,"score":115,"percentile":430},"2026-01-26",0.83998,{"date":432,"score":115,"percentile":424},"2026-01-27",{"date":434,"score":115,"percentile":435},"2026-01-28",0.84005,{"date":437,"score":115,"percentile":438},"2026-01-29",0.84006,{"date":440,"score":115,"percentile":441},"2026-01-30",0.8401,{"date":443,"score":115,"percentile":441},"2026-01-31",{"date":445,"score":115,"percentile":446},"2026-02-01",0.84079,[448,457],{"source":119,"cvss_v2_0":449,"cvss_v3_0":454,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":450,"baseSeverity":9,"vectorString":451,"impactScore":452,"exploitabilityScore":453},5,"AV:N/AC:L/Au:N/C:N/I:N/A:P",2.9,10,{"baseScore":117,"baseSeverity":455,"vectorString":120,"impactScore":456,"exploitabilityScore":453},"HIGH",6,{"source":126,"cvss_v2_0":9,"cvss_v3_0":458,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":117,"baseSeverity":9,"vectorString":120,"impactScore":456,"exploitabilityScore":453},[460,473,481],{"ecosystem":461,"name":462,"vendor":463,"product":464,"cpe_part":9,"purl_type":465,"purl_namespace":463,"purl_name":464,"source":9,"versions":466},"Maven","org.wildfly:wildf
ly-undertow","org.wildfly","wildfly-undertow","maven",[467],{"version":468,"is_range":469,"range_type":470,"version_start":9,"version_start_type":9,"version_end":471,"version_end_type":472,"fixed_in":9},"lt11_0_0_Beta1",true,"ecosystem","11.0.0.Beta1","excluding",{"ecosystem":9,"name":474,"vendor":475,"product":476,"cpe_part":477,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":478},"Wildfly","red hat, inc.","wildfly","a",[479],{"version":471,"is_range":113,"range_type":125,"version_start":471,"version_start_type":480,"version_end":471,"version_end_type":480,"fixed_in":9},"including",{"ecosystem":9,"name":482,"vendor":483,"product":484,"cpe_part":477,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":485},"jboss wildfly application server","redhat","jboss_wildfly_application_server",[486,490],{"version":487,"is_range":469,"range_type":488,"version_start":9,"version_start_type":9,"version_end":489,"version_end_type":480,"fixed_in":9},"lte10.1.0","cpe","10.1.0",{"version":491,"is_range":113,"range_type":488,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0.0:alpha1"]