Description
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.
Remediation
References
https://access.redhat.com/errata/RHSA-2023:4505
https://access.redhat.com/errata/RHSA-2023:4506
https://access.redhat.com/errata/RHSA-2023:4507
https://access.redhat.com/errata/RHSA-2023:4509
https://access.redhat.com/errata/RHSA-2023:4918
https://access.redhat.com/errata/RHSA-2023:4919
https://access.redhat.com/errata/RHSA-2023:4920
https://access.redhat.com/errata/RHSA-2023:4921
https://access.redhat.com/errata/RHSA-2023:4924
https://access.redhat.com/errata/RHSA-2023:7247
https://access.redhat.com/security/cve/CVE-2023-3223
https://bugzilla.redhat.com/show_bug.cgi?id=2209689
https://security.netapp.com/advisory/ntap-20231027-0004/
Related Vulnerabilities
CVE-2023-37962 Vulnerability in maven package io.jenkins.plugins:benchmark-evaluator
CVE-2016-0709 Vulnerability in maven package org.apache.portals.jetspeed-2:j2-admin
CVE-2018-1000129 Vulnerability in maven package org.jolokia:jolokia-core
CVE-2020-25633 Vulnerability in maven package org.jboss.resteasy:resteasy-client-api