CVE-2023-3171


A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.


Published: 2023-12-27T16:15:13.103

Last Modified: 2024-11-21T08:16:37.137

Status: Modified

Source: [email protected]

Severity: CVSSv3.1: 7.5 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-789
  • Type: Primary
    CWE-770

Affected Vendors & Products
Type              Vendor  Product                                Version/Range  Vulnerable?
Application       redhat  jboss_enterprise_application_platform  7.4            Yes
Operating System  redhat  enterprise_linux                       7.0            No
Operating System  redhat  enterprise_linux                       8.0            No
Operating System  redhat  enterprise_linux                       9.0            No
Application       redhat  jboss_enterprise_application_platform  -              Yes
