A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.
A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request.
Vulnerable Library - undertow-servlet-2.2.18.Final.jar
Library home page: http://www.jboss.org
Path to dependency file: /pom.xml
Path to vulnerable library: /pom.xml
Found in HEAD commit: d67e54672029af15dc698e22c2838b75b9a6aeb6
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2023-3223
### Vulnerable Library - undertow-servlet-2.2.18.Final.jarLibrary home page: http://www.jboss.org
Path to dependency file: /pom.xml
Path to vulnerable library: /pom.xml
Dependency Hierarchy: - :x: **undertow-servlet-2.2.18.Final.jar** (Vulnerable Library)
Found in HEAD commit: d67e54672029af15dc698e22c2838b75b9a6aeb6
Found in base branch: main
### Vulnerability DetailsA flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.
Publish Date: 2023-09-27
URL: CVE-2023-3223
### CVSS 3 Score Details (7.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=2209689
Release Date: 2023-09-27
Fix Resolution: 2.2.26.Final
In order to enable automatic remediation, please create workflow rules
CVE-2024-3653
### Vulnerable Library - undertow-servlet-2.2.18.Final.jarLibrary home page: http://www.jboss.org
Path to dependency file: /pom.xml
Path to vulnerable library: /pom.xml
Dependency Hierarchy: - :x: **undertow-servlet-2.2.18.Final.jar** (Vulnerable Library)
Found in HEAD commit: d67e54672029af15dc698e22c2838b75b9a6aeb6
Found in base branch: main
### Vulnerability DetailsA vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request.
Publish Date: 2024-07-08
URL: CVE-2024-3653
### CVSS 3 Score Details (5.3)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: Low
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2024-3653
Release Date: 2024-07-08
Fix Resolution: io.undertow:undertow-core - 2.3.0.Alpha1
In order to enable automatic remediation, please create workflow rules
In order to enable automatic remediation for this issue, please create workflow rules