Lucene search

K
redhatcveRedhat.comRH:CVE-2023-26048
HistoryAug 31, 2023 - 1:30 a.m.

CVE-2023-26048

2023-08-3101:30:14
redhat.com
access.redhat.com
34
cve-2023-26048; outofmemoryerror; servlet; multipart support; unreliable state

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

4.8

Confidence

High

EPSS

0.002

Percentile

61.3%

A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

4.8

Confidence

High

EPSS

0.002

Percentile

61.3%