Veracode Vulnerability Database: VERACODE:43524
History: Oct 04, 2023 - 6:21 a.m.

Denial Of Service (DOS)

2023-10-04 06:21:37
Veracode Vulnerability Database
sca.analysiscenter.veracode.com

Tags: undertow-servlet, denial of service, vulnerability, excessive memory consumption, filesizethreshold, null file name

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 7.2 High (Confidence: High)

EPSS: 0.021 Low (Percentile: 89.2%)

io.undertow: undertow-servlet is vulnerable to Denial Of Service (DOS). The vulnerability is caused by excessive memory consumption when handling large multipart content uploads, resulting in an OutOfMemoryError while processing @MultipartConfig annotated servlets. This can allow unauthorized users to cause a remote Denial of Service (DoS). If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.
