A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2023:4505 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:4506 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:4507 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:4509 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:4918 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:4919 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:4920 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:4921 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:4924 | Vendor Advisory |
https://access.redhat.com/security/cve/CVE-2023-3223 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2209689 | Issue Tracking Vendor Advisory |
https://security.netapp.com/advisory/ntap-20231027-0004/ |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
History
27 Oct 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Sep 2023, 17:43
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:redhat:single_sign-on:7.6:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_enterprise_application_platform_text-only_advisories:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.9:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:* cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.10:*:*:*:*:*:*:* |
|
References | (MISC) https://access.redhat.com/errata/RHSA-2023:4509 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2023-3223 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:4506 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:4924 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:4921 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:4918 - Vendor Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2209689 - Issue Tracking, Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:4507 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:4505 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:4919 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:4920 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
First Time |
Redhat single Sign-on
Redhat undertow Redhat jboss Enterprise Application Platform Redhat openshift Container Platform For Ibm Linuxone Redhat Redhat enterprise Linux Redhat jboss Enterprise Application Platform Text-only Advisories Redhat openshift Container Platform For Power Redhat openshift Container Platform |
|
CWE | NVD-CWE-noinfo |
27 Sep 2023, 15:18
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-27 15:18
Updated : 2023-12-10 15:14
NVD link : CVE-2023-3223
Mitre link : CVE-2023-3223
CVE.ORG link : CVE-2023-3223
JSON object : View
Products Affected
redhat
- jboss_enterprise_application_platform
- enterprise_linux
- undertow
- jboss_enterprise_application_platform_text-only_advisories
- openshift_container_platform
- openshift_container_platform_for_ibm_linuxone
- single_sign-on
- openshift_container_platform_for_power
CWE