7.5

CVE-2023-1973

A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7
Default Statusunaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
Default Statusaffected
Version < *
Version 0:2.2.30-1.SP1_redhat_00001.1.el8eap
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
Default Statusaffected
Version < *
Version 0:2.2.30-1.SP1_redhat_00001.1.el9eap
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
Default Statusaffected
Version < *
Version 0:2.2.30-1.SP1_redhat_00001.1.el7eap
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 8
Default Statusunaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
Default Statusaffected
Version < *
Version 0:2.3.11-1.SP1_redhat_00001.1.el8eap
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
Default Statusaffected
Version < *
Version 0:2.3.11-1.SP1_redhat_00001.1.el9eap
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.54% 0.665
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.