CVE-2023-3223

CVSS V2 None CVSS V3 None
Description
A flaw was found in Undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause a remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it is possible to bypass the limit by setting the file name in the request to null.
Overview
  • CVE ID: CVE-2023-3223
  • Assigner: redhat
  • Vulnerability Status: PUBLISHED
  • Published Version: 2023-09-27T13:54:44.682Z
  • Last Modified Date: 2024-05-03T15:32:37.244Z
References
Reference URL Reference Tags
https://access.redhat.com/errata/RHSA-2023:4505 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:4506 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:4507 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:4509 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:4918 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:4919 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:4920 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:4921 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:4924 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:7247 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-3223 vdb-entry x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2209689 issue-tracking x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20231027-0004/
History
Created Old Value New Value Data Type Notes
2024-06-24 20:39:59 Added to TrackCVE