Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-3223

Опубликовано: 27 сент. 2023
Источник: nvd
CVSS3: 7.5
EPSS Низкий

Описание

A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
Версия до 2.2.24 (исключая)
Конфигурация 2

Одновременно

Одно из

cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:redhat:jboss_enterprise_application_platform_text-only_advisories:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*
Конфигурация 4

Одновременно

cpe:2.3:a:redhat:single_sign-on:7.6:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Конфигурация 5

Одновременно

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 75%
0.00879
Низкий

7.5 High

CVSS3

Дефекты

CWE-789
NVD-CWE-noinfo

Связанные уязвимости

ubuntu логотип

CVE-2023-3223

CVSS3: 7.5
ubuntu
больше 2 лет назад

A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.

redhat логотип

CVE-2023-3223

CVSS3: 7.5
redhat
больше 2 лет назад

A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.

debian логотип

CVE-2023-3223

CVSS3: 7.5
debian
больше 2 лет назад

A flaw was found in undertow. Servlets annotated with @MultipartConfig ...

github логотип

GHSA-65h2-wf7m-q2v8

CVSS3: 7.5
github
больше 2 лет назад

Undertow vulnerable to denial of service

EPSS

Процентиль: 75%
0.00879
Низкий

7.5 High

CVSS3

Дефекты

CWE-789
NVD-CWE-noinfo