CVE-2023-3223
moderate-risk
Published 2023-09-27
A flaw was found in Undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause a remote Denial of Service (DoS). If the server uses fileSizeThreshold to limit the file size, it is possible to bypass the limit by setting the file name in the request to null.
Do I need to act?
EPSS: 0.88% chance of exploitation (low exploit probability)
CISA KEV: not listed; no confirmed active exploitation reported to CISA
Patch status: unknown; check vendor advisories for fix availability and mitigation guidance
CVSS: 7.5/10 (High); attack vector NETWORK, attack complexity LOW
Affected Products (11)
Openshift Container Platform For Ibm Linuxone
Jboss Enterprise Application Platform Text-Only Advisories
References (26)
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4505
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4506
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4507
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4509
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4918
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4919
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4920
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4921
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4924
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2023-3223
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2209689
Risk score: 45/100 (moderate-risk)
Severity: 26/34 · High
Exploitability: 3/34 · Minimal
Exposure: 16/34 · Moderate