Description
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.
Remediation
References
https://access.redhat.com/errata/RHSA-2023:4505
https://access.redhat.com/errata/RHSA-2023:4506
https://access.redhat.com/errata/RHSA-2023:4507
https://access.redhat.com/errata/RHSA-2023:4509
https://access.redhat.com/errata/RHSA-2023:4918
https://access.redhat.com/errata/RHSA-2023:4919
https://access.redhat.com/errata/RHSA-2023:4920
https://access.redhat.com/errata/RHSA-2023:4921
https://access.redhat.com/errata/RHSA-2023:4924
https://access.redhat.com/errata/RHSA-2023:7247
https://access.redhat.com/security/cve/CVE-2023-3223
https://bugzilla.redhat.com/show_bug.cgi?id=2209689
https://security.netapp.com/advisory/ntap-20231027-0004/
Related Vulnerabilities
CVE-2013-6397 Vulnerability in maven package org.apache.solr:solr-core
CVE-2020-25640 Vulnerability in maven package org.jboss.genericjms:generic-jms-ra-jar
CVE-2020-35510 Vulnerability in maven package org.jboss.remoting:jboss-remoting
CVE-2022-23848 Vulnerability in maven package org.alluxio:alluxio-logserver