Server Denial of Service Vulnerability Discovered in Undertow's FormAuthenticationMechanism
CVE-2023-1973

7.5HIGH

Key Information:

Vendor
Red Hat
Status
Red Hat Jboss Enterprise Application Platform 7
Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8
Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9
Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7
Vendor
CVE Published:
7 November 2024

Summary

A vulnerability exists in the Undertow package, specifically within the FormAuthenticationMechanism. A malicious user can exploit this flaw by sending specially crafted requests to the server. This action could lead to a Denial of Service condition, causing the server to encounter an OutOfMemory error and exhausting its available memory resources. This vulnerability poses significant risks to application stability and overall service availability.

References

https://access.redhat.com/errata/RHSA-2024:1674
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1675
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1676
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.