CVE-2023-3223

EUVD-2023-2441
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
redhatCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
Affected Products (NVD)
VendorProductVersion
redhatundertow
𝑥
< 2.2.24
redhatopenshift_container_platform
4.11
redhatopenshift_container_platform
4.12
redhatopenshift_container_platform_for_ibm_linuxone
4.9
redhatopenshift_container_platform_for_ibm_linuxone
4.10
redhatopenshift_container_platform_for_power
4.9
redhatopenshift_container_platform_for_power
4.10
redhatjboss_enterprise_application_platform_text-only_advisories
-
redhatsingle_sign-on
-
redhatsingle_sign-on
7.6
redhatjboss_enterprise_application_platform
7.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
undertow
sid
vulnerable
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
undertow
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
lunar
dne
mantic
dne
noble
needs-triage
oracular
needs-triage
trusty
ignored
xenial
needs-triage
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2023:4505
https://access.redhat.com/errata/RHSA-2023:4506
https://access.redhat.com/errata/RHSA-2023:4507
https://access.redhat.com/errata/RHSA-2023:4509
https://access.redhat.com/errata/RHSA-2023:4918
https://access.redhat.com/errata/RHSA-2023:4919
https://access.redhat.com/errata/RHSA-2023:4920
https://access.redhat.com/errata/RHSA-2023:4921
https://access.redhat.com/errata/RHSA-2023:4924
https://access.redhat.com/errata/RHSA-2023:7247
https://access.redhat.com/security/cve/CVE-2023-3223
https://bugzilla.redhat.com/show_bug.cgi?id=2209689
https://security.netapp.com/advisory/ntap-20231027-0004/
https://access.redhat.com/errata/RHSA-2023:4505
https://access.redhat.com/errata/RHSA-2023:4506
https://access.redhat.com/errata/RHSA-2023:4507
https://access.redhat.com/errata/RHSA-2023:4509
https://access.redhat.com/errata/RHSA-2023:4918
https://access.redhat.com/errata/RHSA-2023:4919
https://access.redhat.com/errata/RHSA-2023:4920
https://access.redhat.com/errata/RHSA-2023:4921
https://access.redhat.com/errata/RHSA-2023:4924
https://access.redhat.com/errata/RHSA-2023:7247
https://access.redhat.com/security/cve/CVE-2023-3223
https://bugzilla.redhat.com/show_bug.cgi?id=2209689
https://security.netapp.com/advisory/ntap-20231027-0004/