CVE-2023-3223
HIGH 7.5 | EPSS 0.65% | Undertow vulnerable to denial of service
Published: 2023/9/27 | Modified: 2024/5/3
Description
A flaw was found in Undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause a remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it is possible to bypass the limit by setting the file name in the request to null.
Affected packages (2)
- Debian/undertow: from 0, < 2.3.18-1
- Maven/io.undertow:undertow-parent: from 0, < 2.2.24.Final
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References (16)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2023-3223
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2023-3223
- PATCH: https://github.com/undertow-io/undertow
- WEB: https://access.redhat.com/errata/RHSA-2023:4505
- WEB: https://access.redhat.com/errata/RHSA-2023:4506
- WEB: https://access.redhat.com/errata/RHSA-2023:4507
- WEB: https://access.redhat.com/errata/RHSA-2023:4509
- WEB: https://access.redhat.com/errata/RHSA-2023:4918
- WEB: https://access.redhat.com/errata/RHSA-2023:4919
- WEB: https://access.redhat.com/errata/RHSA-2023:4920
- WEB: https://access.redhat.com/errata/RHSA-2023:4921
- WEB: https://access.redhat.com/errata/RHSA-2023:4924
- WEB: https://access.redhat.com/errata/RHSA-2023:7247
- WEB: https://access.redhat.com/security/cve/CVE-2023-3223
- WEB: https://bugzilla.redhat.com/show_bug.cgi?id=2209689
- WEB: https://security.netapp.com/advisory/ntap-20231027-0004