Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Undertow CVE-2023-3223 Vulnerability (CVE-2023-3223)

Description

A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.

Remediation

References

Related Vulnerabilities

WordPress Plugin Cool Timeline (Horizontal & Vertical Timeline) Cross-Site Request Forgery (2.0.2)

MySQL CVE-2019-2801 Vulnerability (CVE-2019-2801)

WordPress Plugin White Label CMS Cross-Site Scripting (1.5.2)

WordPress Plugin Car Demon Multiple Cross-Site Scripting Vulnerabilities (1.0.1)

SharePoint Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-42309)

Severity

High

Classification

CVE-2023-3223 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities