Server Denial of Service Vulnerability Discovered in Undertow's FormAuthenticationMechanism
CVE-2023-1973

7.5HIGH

What is CVE-2023-1973?

A vulnerability exists in the Undertow package, specifically within the FormAuthenticationMechanism. A malicious user can exploit this flaw by sending specially crafted requests to the server. This action could lead to a Denial of Service condition, causing the server to encounter an OutOfMemory error and exhausting its available memory resources. This vulnerability poses significant risks to application stability and overall service availability.

Affected Version(s)

Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 0:2.2.30-1.SP1_redhat_00001.1.el8eap

Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 0:2.2.30-1.SP1_redhat_00001.1.el9eap

Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 0:2.2.30-1.SP1_redhat_00001.1.el7eap

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-1973 : Server Denial of Service Vulnerability Discovered in Undertow's FormAuthenticationMechanism