Bug 2209689 (CVE-2023-3223)

Summary: CVE-2023-3223 undertow: OutOfMemoryError due to @MultipartConfig handling
Product: [Other] Security Response Reporter: Patrick Del Bello <pdelbell>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: aileenc, alampare, alazarot, anstephe, asoldano, avibelli, bbaranow, bgeorges, bmaxwell, boliveir, brian.stansberry, cdewolf, chazlett, clement.escoffier, cmoulliard, dandread, darran.lofthouse, dhanak, dkreling, dosoudil, drichtar, eglynn, emingora, eric.wittmann, fjuma, gjospin, gmalinko, gsmet, hamadhan, hbraun, ibek, ikanello, ivassile, iweiss, janstey, jjoyce, jmartisk, jrokos, jschluet, kverlaen, lbacciot, lgao, lhh, lthon, max.andersen, mburns, mgarciac, mnovotny, mosmerov, msochure, mstefank, msvehla, nwallace, pantinor, pdelbell, pdrozd, peholase, pgallagh, pgrist, pjindal, pmackay, probinso, pskopek, rguimara, rowaters, rruss, rstancel, rsvoboda, sbiarozk, sdouglas, security-response-team, smaestri, sthorger, tom.jenkinson, tqvarnst
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: undertow 2.2.24 Doc Type: ---
Doc Text:
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-08-07 20:08:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2208052    

Description Patrick Del Bello 2023-05-24 14:00:17 UTC
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause OutOfMemoryError due to huge sized multipart content .This vulnerability can be exploited by unauthorized users to cause remote Denial-of-Service (DoS) attack. And if the server use fileSizeThreshold for the file size limit, it's possible to bypass the limit by setting the file name in the request to null.

Comment 5 errata-xmlrpc 2023-08-07 15:02:25 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2023:4509 https://access.redhat.com/errata/RHSA-2023:4509

Comment 6 errata-xmlrpc 2023-08-07 15:14:56 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7

Via RHSA-2023:4505 https://access.redhat.com/errata/RHSA-2023:4505

Comment 7 errata-xmlrpc 2023-08-07 15:15:35 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Via RHSA-2023:4506 https://access.redhat.com/errata/RHSA-2023:4506

Comment 8 errata-xmlrpc 2023-08-07 15:16:38 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Via RHSA-2023:4507 https://access.redhat.com/errata/RHSA-2023:4507

Comment 9 Product Security DevOps Team 2023-08-07 20:08:14 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-3223

Comment 13 errata-xmlrpc 2023-08-31 13:25:14 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.6 for RHEL 8

Via RHSA-2023:4919 https://access.redhat.com/errata/RHSA-2023:4919

Comment 14 errata-xmlrpc 2023-08-31 13:25:23 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.6 for RHEL 7

Via RHSA-2023:4918 https://access.redhat.com/errata/RHSA-2023:4918

Comment 15 errata-xmlrpc 2023-08-31 13:25:31 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.6 for RHEL 9

Via RHSA-2023:4920 https://access.redhat.com/errata/RHSA-2023:4920

Comment 16 errata-xmlrpc 2023-08-31 13:25:41 UTC
This issue has been addressed in the following products:

  RHEL-8 based Middleware Containers

Via RHSA-2023:4921 https://access.redhat.com/errata/RHSA-2023:4921

Comment 17 errata-xmlrpc 2023-08-31 13:29:23 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.6.5

Via RHSA-2023:4924 https://access.redhat.com/errata/RHSA-2023:4924

Comment 18 errata-xmlrpc 2023-11-15 17:07:52 UTC
This issue has been addressed in the following products:

  Red Hat Fuse 7.12.1

Via RHSA-2023:7247 https://access.redhat.com/errata/RHSA-2023:7247

Comment 19 errata-xmlrpc 2024-05-23 22:45:35 UTC
This issue has been addressed in the following products:

  Red Hat Fuse 7.13.0

Via RHSA-2024:3354 https://access.redhat.com/errata/RHSA-2024:3354