Back to bug 2209689
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Patrick Del Bello | 2023-05-24 14:00:17 UTC | CC | security-response-team | |
| Patrick Del Bello | 2023-06-13 15:51:09 UTC | Alias | CVE-2023-3223 | |
| | | Summary | EMBARGOED undertow: OutOfMemoryError due to @MultipartConfig handling | EMBARGOED CVE-2023-3223 undertow: OutOfMemoryError due to @MultipartConfig handling |
| Paige Jung | 2023-06-13 17:05:51 UTC | Doc Text | A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause OutOfMemoryError due to huge sized multipart content .This vulnerability can be exploited by unauthorized users to cause remote Denial-of-Service (DoS) attack. And if the server use fileSizeThreshold for the file size limit, it's possible to bypass the limit by setting the file name in the request to null | A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null. |
| Red Hat Bugzilla | 2023-07-07 08:33:04 UTC | Assignee | security-response-team | nobody |
| | | CC | security-response-team | security-response-team |
| Chess Hazlett | 2023-08-07 14:37:49 UTC | Group | security, qe_staff | |
| | | Summary | EMBARGOED CVE-2023-3223 undertow: OutOfMemoryError due to @MultipartConfig handling | CVE-2023-3223 undertow: OutOfMemoryError due to @MultipartConfig handling |
| | | CC | mstefank | |
| errata-xmlrpc | 2023-08-07 15:02:27 UTC | Link ID | Red Hat Product Errata RHSA-2023:4509 | |
| errata-xmlrpc | 2023-08-07 15:14:58 UTC | Link ID | Red Hat Product Errata RHSA-2023:4505 | |
| errata-xmlrpc | 2023-08-07 15:15:37 UTC | Link ID | Red Hat Product Errata RHSA-2023:4506 | |
| errata-xmlrpc | 2023-08-07 15:16:40 UTC | Link ID | Red Hat Product Errata RHSA-2023:4507 | |
| Product Security DevOps Team | 2023-08-07 20:08:17 UTC | Resolution | --- | ERRATA |
| | | Status | NEW | CLOSED |
| | | Last Closed | 2023-08-07 20:08:17 UTC | |
| Patrick Del Bello | 2023-08-11 18:32:38 UTC | CC | aileenc, alampare, alazarot, anstephe, avibelli, bgeorges, boliveir, clement.escoffier, cmoulliard, dandread, dhanak, drichtar, eglynn, emingora, eric.wittmann, gjospin, gmalinko, gsmet, hamadhan, hbraun, ibek, ikanello, janstey, jjoyce, jmartisk, jrokos, jschluet, kverlaen, lbacciot, lhh, lthon, max.andersen, mburns, mgarciac, mnovotny, pantinor, pdelbell, pdrozd, peholase, pgallagh, pgrist, probinso, pskopek, rguimara, rowaters, rruss, rsvoboda, sbiarozk, sdouglas, sthorger, tqvarnst | |