Bug 2185662 (CVE-2023-1973)
| Field | Value | Field | Value |
|---|---|---|---|
| Summary: | CVE-2023-1973 undertow: unrestricted request storage leads to memory exhaustion | | |
| Product: | [Other] Security Response | Reporter: | Chess Hazlett <chazlett> |
| Component: | vulnerability | Assignee: | Nobody <nobody> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | unspecified | CC: | asoldano, bbaranow, bmaxwell, brian.stansberry, cdewolf, chazlett, darran.lofthouse, dkreling, dosoudil, fjuma, ivassile, iweiss, james, lgao, mosmerov, msochure, mstefank, msvehla, nwallace, pdelbell, pjindal, pmackay, rstancel, security-response-team, smaestri, tom.jenkinson |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | undertow 2.2.32.Final, undertow 2.3.13.Final | Doc Type: | If docs needed, set a value |
| Doc Text: | A flaw was found in the Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutOfMemory error and exhausting the server's memory. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 2171939 | | |
Description
Chess Hazlett
2023-04-10 20:40:57 UTC
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9. Via RHSA-2024:1676 https://access.redhat.com/errata/RHSA-2024:1676

This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8. Via RHSA-2024:1675 https://access.redhat.com/errata/RHSA-2024:1675

This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7. Via RHSA-2024:1674 https://access.redhat.com/errata/RHSA-2024:1674

This issue has been addressed in the following products: EAP 7.4.16. Via RHSA-2024:1677 https://access.redhat.com/errata/RHSA-2024:1677

Yet another old CVE that has been "addressed" and made public with no Open Source fix released. https://github.com/undertow-io/undertow RedHat, you are really working hard to make all Undertow users vulnerable.
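The Doc Text above describes a memory-exhaustion denial of service in Undertow's FormAuthenticationMechanism, and the record names the fixed versions (undertow 2.2.32.Final and 2.3.13.Final). Upgrading is the fix; the code below is an added defense-in-depth example written for this page, not code from the Bugzilla record, Red Hat, or the Undertow project. It builds a minimal Undertow server with request bounds that Undertow's public API already exposes (a per-request entity size cap, a per-request buffering cap, and a concurrency cap). The class name, port, and the specific limit values are assumptions chosen for illustration, and whether these server options bound every saved-request code path in FormAuthenticationMechanism is itself an assumption, which is why they complement rather than replace the upgrade.

```java
// Added example (not from the Bugzilla record or the Undertow project): an Undertow
// server hardened with request-size bounds as defense in depth for the memory
// exhaustion class described in CVE-2023-1973. The real fix is the upgrade to
// undertow 2.2.32.Final / 2.3.13.Final named in the record; the limit values below
// are assumed sample values, and the class name and port are chosen for illustration.
import io.undertow.Undertow;
import io.undertow.UndertowOptions;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.handlers.RequestLimitingHandler;
import io.undertow.util.Headers;

public class BoundedRequestServer {

    // Assumed limits: the largest body a single request may carry, the amount of body
    // Undertow will buffer in memory for a request, and the number of in-flight
    // requests. Size them to the largest legitimate form post your application accepts.
    static final long MAX_ENTITY_BYTES = 1L << 20;      // 1 MiB per request entity
    static final int MAX_BUFFERED_BYTES = 64 * 1024;    // 64 KiB buffered per request
    static final int MAX_CONCURRENT_REQUESTS = 200;     // cap on concurrently handled requests

    public static Undertow build(int port) {
        // Application handler: a stand-in for the real protected resource.
        HttpHandler app = (HttpServerExchange exchange) -> {
            exchange.getResponseHeaders().put(Headers.CONTENT_TYPE, "text/plain");
            exchange.getResponseSender().send("ok\n");
        };

        // RequestLimitingHandler bounds concurrency so a flood of slow, large requests
        // cannot each hold a buffer in memory at the same time.
        HttpHandler limited = new RequestLimitingHandler(MAX_CONCURRENT_REQUESTS, app);

        return Undertow.builder()
                .addHttpListener(port, "127.0.0.1")
                // Reject request entities larger than MAX_ENTITY_BYTES when they are read.
                .setServerOption(UndertowOptions.MAX_ENTITY_SIZE, MAX_ENTITY_BYTES)
                // Bound how much of a request body Undertow buffers in memory.
                .setServerOption(UndertowOptions.MAX_BUFFERED_REQUEST_SIZE, MAX_BUFFERED_BYTES)
                .setHandler(limited)
                .build();
    }

    public static void main(String[] args) {
        build(8080).start();
    }
}
```

With the server running, a POST whose body exceeds MAX_ENTITY_BYTES fails once the body is read (Undertow signals this with a RequestTooBigException), and the buffered portion of any request stays under MAX_BUFFERED_BYTES, so a single client cannot grow the server's heap one oversized request at a time. Keep the limits in configuration alongside the Undertow version so that both the mitigation and the actual fix are visible during review.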