CVE-2023-3223

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-3223
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2023:4505 Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4506 Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4507 Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4509 Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4918 Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4919 Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4920 Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4921 Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4924 Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:7247
https://access.redhat.com/security/cve/CVE-2023-3223 Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2209689 Issue Tracking Vendor Advisory
https://security.netapp.com/advisory/ntap-20231027-0004/
https://access.redhat.com/errata/RHSA-2023:4505 Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4506 Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4507 Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4509 Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4918 Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4919 Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4920 Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4921 Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4924 Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:7247
https://access.redhat.com/security/cve/CVE-2023-3223 Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2209689 Issue Tracking Vendor Advisory
https://security.netapp.com/advisory/ntap-20231027-0004/
Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:redhat:jboss_enterprise_application_platform_text-only_advisories:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:a:redhat:single_sign-on:7.6:*:*:*:*:*:*:*
OR cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*
OR cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
History

21 Nov 2024, 08:16

Type Values Removed Values Added
References () https://access.redhat.com/errata/RHSA-2023:4505 - Vendor Advisory () https://access.redhat.com/errata/RHSA-2023:4505 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2023:4506 - Vendor Advisory () https://access.redhat.com/errata/RHSA-2023:4506 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2023:4507 - Vendor Advisory () https://access.redhat.com/errata/RHSA-2023:4507 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2023:4509 - Vendor Advisory () https://access.redhat.com/errata/RHSA-2023:4509 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2023:4918 - Vendor Advisory () https://access.redhat.com/errata/RHSA-2023:4918 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2023:4919 - Vendor Advisory () https://access.redhat.com/errata/RHSA-2023:4919 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2023:4920 - Vendor Advisory () https://access.redhat.com/errata/RHSA-2023:4920 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2023:4921 - Vendor Advisory () https://access.redhat.com/errata/RHSA-2023:4921 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2023:4924 - Vendor Advisory () https://access.redhat.com/errata/RHSA-2023:4924 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2023:7247 - () https://access.redhat.com/errata/RHSA-2023:7247 -
References () https://access.redhat.com/security/cve/CVE-2023-3223 - Vendor Advisory () https://access.redhat.com/security/cve/CVE-2023-3223 - Vendor Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2209689 - Issue Tracking, Vendor Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=2209689 - Issue Tracking, Vendor Advisory
References () https://security.netapp.com/advisory/ntap-20231027-0004/ - () https://security.netapp.com/advisory/ntap-20231027-0004/ -

03 May 2024, 16:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:7247 -

27 Oct 2023, 15:15

Type Values Removed Values Added
References
  • (MISC) https://security.netapp.com/advisory/ntap-20231027-0004/ -

28 Sep 2023, 17:43

Type Values Removed Values Added
First Time Redhat undertow
Redhat
Redhat enterprise Linux
Redhat jboss Enterprise Application Platform
Redhat jboss Enterprise Application Platform Text-only Advisories
Redhat single Sign-on
Redhat openshift Container Platform For Ibm Linuxone
Redhat openshift Container Platform For Power
Redhat openshift Container Platform
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:redhat:single_sign-on:7.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform_text-only_advisories:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:*
References (MISC) https://access.redhat.com/errata/RHSA-2023:4507 - (MISC) https://access.redhat.com/errata/RHSA-2023:4507 - Vendor Advisory
References (MISC) https://access.redhat.com/errata/RHSA-2023:4924 - (MISC) https://access.redhat.com/errata/RHSA-2023:4924 - Vendor Advisory
References (MISC) https://access.redhat.com/errata/RHSA-2023:4509 - (MISC) https://access.redhat.com/errata/RHSA-2023:4509 - Vendor Advisory
References (MISC) https://access.redhat.com/errata/RHSA-2023:4920 - (MISC) https://access.redhat.com/errata/RHSA-2023:4920 - Vendor Advisory
References (MISC) https://access.redhat.com/errata/RHSA-2023:4506 - (MISC) https://access.redhat.com/errata/RHSA-2023:4506 - Vendor Advisory
References (MISC) https://access.redhat.com/security/cve/CVE-2023-3223 - (MISC) https://access.redhat.com/security/cve/CVE-2023-3223 - Vendor Advisory
References (MISC) https://access.redhat.com/errata/RHSA-2023:4919 - (MISC) https://access.redhat.com/errata/RHSA-2023:4919 - Vendor Advisory
References (MISC) https://access.redhat.com/errata/RHSA-2023:4505 - (MISC) https://access.redhat.com/errata/RHSA-2023:4505 - Vendor Advisory
References (MISC) https://access.redhat.com/errata/RHSA-2023:4921 - (MISC) https://access.redhat.com/errata/RHSA-2023:4921 - Vendor Advisory
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2209689 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2209689 - Issue Tracking, Vendor Advisory
References (MISC) https://access.redhat.com/errata/RHSA-2023:4918 - (MISC) https://access.redhat.com/errata/RHSA-2023:4918 - Vendor Advisory

27 Sep 2023, 15:18

Type Values Removed Values Added
New CVE
Information

Published : 2023-09-27 15:18

Updated : 2024-11-21 08:16

NVD link : CVE-2023-3223

Mitre link : CVE-2023-3223

CVE.ORG link : CVE-2023-3223

JSON object : View

Products Affected

redhat

  • undertow
  • openshift_container_platform_for_ibm_linuxone
  • jboss_enterprise_application_platform
  • openshift_container_platform_for_power
  • jboss_enterprise_application_platform_text-only_advisories
  • openshift_container_platform
  • single_sign-on
  • enterprise_linux
CWE
CWE-789

Memory Allocation with Excessive Size Value

NVD-CWE-noinfo