Server Denial of Service Vulnerability Discovered in Undertow's FormAuthenticationMechanism
CVE-2023-1973
Key Information:
What is CVE-2023-1973?
A vulnerability exists in the Undertow package, specifically within the FormAuthenticationMechanism. A malicious user can exploit this flaw by sending specially crafted requests to the server. This can lead to a Denial of Service condition in which the server's available memory is exhausted and it encounters an OutOfMemory error. This vulnerability poses significant risks to application stability and overall service availability.
Affected Version(s)
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 0:2.2.30-1.SP1_redhat_00001.1.el8eap
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 0:2.2.30-1.SP1_redhat_00001.1.el9eap
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 0:2.2.30-1.SP1_redhat_00001.1.el7eap