Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2023-3223
HistorySep 27, 2023 - 3:18 p.m.

CVE-2023-3223

2023-09-2715:18:56
Debian Security Bug Tracker
security-tracker.debian.org
16
undertow
servlets
unauthorized
dos
attack

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.021

Percentile

89.2%

A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it’s possible to bypass the limit by setting the file name in the request to null.

OSVersionArchitecturePackageVersionFilename
Debian999allundertow<=Β 2.3.8-2undertow_2.3.8-2_all.deb

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.021

Percentile

89.2%