Description
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.
Remediation
References
https://access.redhat.com/errata/RHSA-2023:4918
https://access.redhat.com/security/cve/CVE-2023-3223
https://access.redhat.com/errata/RHSA-2023:4919
https://access.redhat.com/errata/RHSA-2023:4507
https://bugzilla.redhat.com/show_bug.cgi?id=2209689
https://access.redhat.com/errata/RHSA-2023:4509
https://access.redhat.com/errata/RHSA-2023:4921
https://access.redhat.com/errata/RHSA-2023:4505
https://access.redhat.com/errata/RHSA-2023:4506
https://access.redhat.com/errata/RHSA-2023:4924
https://access.redhat.com/errata/RHSA-2023:4920
https://security.netapp.com/advisory/ntap-20231027-0004/
https://access.redhat.com/errata/RHSA-2023:7247
Related Vulnerabilities
CVE-2022-34785 Vulnerability in maven package org.jenkins-ci.plugins:build-metrics
CVE-2020-17527 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2011-1026 Vulnerability in maven package org.apache.archiva:archiva
CVE-2018-1000197 Vulnerability in maven package com.blackducksoftware.integration:blackduck-hub