Server Denial of Service Vulnerability Discovered in Undertow's FormAuthenticationMechanism
CVE-2023-1973

7.5HIGH

Key Information:

Vendor

Red Hat
Status
Red Hat Jboss Enterprise Application Platform 7
Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8
Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9
Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7
Vendor
CVE Published:
7 November 2024

What is CVE-2023-1973?

A vulnerability exists in the Undertow package, specifically within the FormAuthenticationMechanism. A malicious user can exploit this flaw by sending specially crafted requests to the server. This action could lead to a Denial of Service condition, causing the server to encounter an OutOfMemory error and exhausting its available memory resources. This vulnerability poses significant risks to application stability and overall service availability.

Affected Version(s)

Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 0:2.2.30-1.SP1_redhat_00001.1.el8eap

Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 0:2.2.30-1.SP1_redhat_00001.1.el9eap

Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 0:2.2.30-1.SP1_redhat_00001.1.el7eap

References

https://access.redhat.com/errata/RHSA-2024:1674
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1675
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1676
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.