CVE-2023-1973

{"id": "CVE-2023-1973", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-11-07T10:15:05.400", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:1674", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:1675", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:1676", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:1677", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:2763", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:2764", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2023-1973", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662", "source": "secalert@redhat.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en el paquete Undertow. Mediante el uso de FormAuthenticationMechanism, un usuario malintencionado podr\u00eda provocar una denegaci\u00f3n de servicio mediante el env\u00edo de solicitudes manipuladas, lo que provocar\u00eda un error de falta de memoria en el servidor y agotar\u00eda su memoria."}], "lastModified": "2024-11-08T19:01:03.880", "sourceIdentifier": "secalert@redhat.com"}