Cyber Resilience

CVE-2024-4027 (severity: High)

Published: 30 January 2026
Modified: 15 April 2026
CVSS v3.1 score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS score: 0.0038 (60.0th percentile)
Risk priority: 15 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-4027 is a high-severity Improper Input Validation (CWE-20) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 40.0% of CVEs by exploit likelihood (EPSS) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-4027 is a vulnerability in Undertow, where servlets that invoke the HttpServletRequestImpl.getParameterNames() method can trigger an OutOfMemoryError. This occurs when a client sends an HTTP request containing large parameter names, leading to excessive memory consumption. The flaw is rated with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is associated with CWE-20 (Improper Input Validation).

An unauthorized remote attacker can exploit this vulnerability by crafting and sending an HTTP request with oversized parameter names to a vulnerable Undertow instance. Successful exploitation results in a denial-of-service (DoS) condition, as the server exhausts available memory and becomes unresponsive.
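As an added illustration of the input-validation mitigation (SI-10) named on this page, not code from the page, Red Hat or the Undertow project: a servlet filter that bounds parameter-name length by scanning the raw query string before the application's servlet ever calls getParameterNames(). The class name, the two limits and the 400 response are assumptions; it relies only on the javax.servlet 4.0 API (Filter.init/destroy have default bodies there).

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter (not part of Undertow): rejects requests whose raw query string
// carries oversized parameter names, so downstream getParameterNames() never parses them.
public class ParameterNameSizeFilter implements Filter {
    // Assumed limits; tune to the largest legitimate names and query strings the app uses.
    static final int MAX_NAME_LENGTH = 256;
    static final int MAX_QUERY_LENGTH = 8192;

    // Inspects the raw (still percent-encoded) query string. Returns false when the whole
    // string or any single parameter name exceeds its limit.
    static boolean queryStringWithinLimits(String query) {
        if (query == null || query.isEmpty()) return true;
        // Bound the total length first so the split below never works on unbounded input.
        if (query.length() > MAX_QUERY_LENGTH) return false;
        for (String pair : query.split("&")) {
            int eq = pair.indexOf('=');
            int nameLength = (eq < 0) ? pair.length() : eq;  // "name" or "name=value"
            if (nameLength > MAX_NAME_LENGTH) return false;
        }
        return true;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // Deliberately avoids request.getParameter*(): those calls are what parse the names.
        if (!queryStringWithinLimits(request.getQueryString())) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        chain.doFilter(req, res);
    }
}
```

Form-encoded POST bodies also carry parameter names and are not inspected by this filter; the vendor patch referenced on this page remains the primary fix.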

Red Hat has published a security advisory with details on affected products, patches, and mitigation steps at https://access.redhat.com/security/cve/CVE-2024-4027. Additional technical information is available in the Bugzilla tracker at https://bugzilla.redhat.com/show_bug.cgi?id=2276410.


Vulnerability details

A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service (DoS) attack.


Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Direct remote exploitation of a public-facing web component (Undertow) through crafted HTTP input, triggering an application-level DoS by resource exhaustion.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-71003 (shared CWE-20)
CVE-2026-26310 (shared CWE-20)
CVE-2025-66786 (shared CWE-20)
CVE-2025-59895 (shared CWE-20)
CVE-2026-26314 (shared CWE-20)
CVE-2025-69232 (shared CWE-20)
CVE-2026-26154 (shared CWE-20)
CVE-2026-21864 (shared CWE-20)
CVE-2025-15606 (shared CWE-20)
CVE-2026-23825 (shared CWE-20)

Mitigating Controls (NIST 800-53 r5)

(prevent) Directly addresses the CVE by requiring timely remediation of the Undertow flaw through vendor patches to prevent OutOfMemoryError exploitation.

(prevent) SI-10 Information Input Validation: Implements input validation to check HTTP parameter names for excessive size, preventing memory exhaustion from improper validation.

(prevent) SC-5 Denial-of-service Protection: Protects against denial-of-service attacks by limiting the effects of memory-exhausting HTTP requests with large parameter names.
