CVE-2023-3223 Information
Description
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size it’s possible to bypass the limit by setting the file name in the request to null.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Reference
https://access.redhat.com/errata/RHSA-2023:4918 https://access.redhat.com/security/cve/CVE-2023-3223 https://access.redhat.com/errata/RHSA-2023:4919 https://access.redhat.com/errata/RHSA-2023:4507 https://bugzilla.redhat.com/show_bug.cgi?id=2209689 https://access.redhat.com/errata/RHSA-2023:4509 https://access.redhat.com/errata/RHSA-2023:4921 https://access.redhat.com/errata/RHSA-2023:4505 https://access.redhat.com/errata/RHSA-2023:4506 https://access.redhat.com/errata/RHSA-2023:4924 https://access.redhat.com/errata/RHSA-2023:4920
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
NONE
Base Score
HIGH
Base Severity
7.5
Share on: