A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2023:4505 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:4506 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:4507 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:4509 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:4918 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:4919 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:4920 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:4921 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:4924 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:7247 | |
https://access.redhat.com/security/cve/CVE-2023-3223 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2209689 | Issue Tracking Vendor Advisory |
https://security.netapp.com/advisory/ntap-20231027-0004/ |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
History
03 May 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Oct 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Sep 2023, 17:43
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:redhat:jboss_enterprise_application_platform_text-only_advisories:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.9:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.10:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:* cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:* cpe:2.3:a:redhat:single_sign-on:7.6:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
|
References | (MISC) https://access.redhat.com/errata/RHSA-2023:4918 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:4505 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2023-3223 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:4919 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:4507 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:4509 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:4506 - Vendor Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2209689 - Issue Tracking, Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:4921 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:4920 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:4924 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | NVD-CWE-noinfo | |
First Time |
Redhat openshift Container Platform
Redhat jboss Enterprise Application Platform Redhat jboss Enterprise Application Platform Text-only Advisories Redhat Redhat single Sign-on Redhat undertow Redhat openshift Container Platform For Ibm Linuxone Redhat enterprise Linux Redhat openshift Container Platform For Power |
27 Sep 2023, 15:18
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-27 15:18
Updated : 2024-05-03 16:15
NVD link : CVE-2023-3223
Mitre link : CVE-2023-3223
CVE.ORG link : CVE-2023-3223
JSON object : View
Products Affected
redhat
- single_sign-on
- openshift_container_platform
- undertow
- jboss_enterprise_application_platform_text-only_advisories
- openshift_container_platform_for_ibm_linuxone
- jboss_enterprise_application_platform
- openshift_container_platform_for_power
- enterprise_linux
CWE