Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-3223
HistorySep 27, 2023 - 12:00 a.m.

CVE-2023-3223

2023-09-2700:00:00
ubuntu.com
ubuntu.com
19
undertow
unauthorized access
denial of service

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.021 Low

EPSS

Percentile

89.2%

A flaw was found in undertow. Servlets annotated with @MultipartConfig may
cause an OutOfMemoryError due to large multipart content. This may allow
unauthorized users to cause remote Denial of Service (DoS) attack. If the
server uses fileSizeThreshold to limit the file size, it’s possible to
bypass the limit by setting the file name in the request to null.

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.021 Low

EPSS

Percentile

89.2%