Vulnerability Monitor


CVE-2023-3223


A flaw was found in Undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause a remote Denial of Service (DoS). If the server uses fileSizeThreshold to limit the file size, it is possible to bypass the limit by setting the file name in the request to null.


Published

2023-09-27T15:18:56.457

Last Modified

2024-11-21T08:16:44.037

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-789
  • Type: Primary
    NVD-CWE-noinfo

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | redhat | undertow | < 2.2.24 | Yes |
| Application | redhat | openshift_container_platform | 4.11 | Yes |
| Application | redhat | openshift_container_platform | 4.12 | Yes |
| Application | redhat | openshift_container_platform_for_ibm_linuxone | 4.9 | Yes |
| Application | redhat | openshift_container_platform_for_ibm_linuxone | 4.10 | Yes |
| Application | redhat | openshift_container_platform_for_power | 4.9 | Yes |
| Application | redhat | openshift_container_platform_for_power | 4.10 | Yes |
| Operating System | redhat | enterprise_linux | 8.0 | No |
| Application | redhat | jboss_enterprise_application_platform_text-only_advisories | - | Yes |
| Application | redhat | single_sign-on | - | Yes |
| Application | redhat | single_sign-on | 7.6 | Yes |
| Operating System | redhat | enterprise_linux | 7.0 | No |
| Operating System | redhat | enterprise_linux | 8.0 | No |
| Operating System | redhat | enterprise_linux | 9.0 | No |
| Application | redhat | jboss_enterprise_application_platform | 7.4 | Yes |
| Operating System | redhat | enterprise_linux | 7.0 | No |
| Operating System | redhat | enterprise_linux | 8.0 | No |
| Operating System | redhat | enterprise_linux | 9.0 | No |
