{
  "threat_severity" : "Important",
  "public_date" : "2024-04-04T00:00:00Z",
  "bugzilla" : {
    "description" : "undertow: unrestricted request storage leads to memory exhaustion",
    "id" : "2185662",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-20",
  "details" : [ "A flaw was found in the Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests that exhaust the server's memory, resulting in an OutOfMemory error.", "A flaw was found in the Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests that exhaust the server's memory, resulting in an OutOfMemory error." ],
  "affected_release" : [ {
    "product_name" : "Red Hat JBoss Enterprise Application Platform",
    "release_date" : "2024-04-04T00:00:00Z",
    "advisory" : "RHSA-2024:1677",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform::el7",
    "package" : "io.undertow/undertow-core:2.2.30.SP1-redhat-00001"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
    "release_date" : "2025-04-28T00:00:00Z",
    "advisory" : "RHSA-2025:4226",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7",
    "package" : "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
    "release_date" : "2025-04-28T00:00:00Z",
    "advisory" : "RHSA-2025:4226",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7",
    "package" : "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
    "release_date" : "2025-04-28T00:00:00Z",
    "advisory" : "RHSA-2025:4226",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7",
    "package" : "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
    "release_date" : "2025-04-28T00:00:00Z",
    "advisory" : "RHSA-2025:4226",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7",
    "package" : "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
    "release_date" : "2025-04-28T00:00:00Z",
    "advisory" : "RHSA-2025:4226",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7",
    "package" : "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
    "release_date" : "2025-04-28T00:00:00Z",
    "advisory" : "RHSA-2025:4226",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7",
    "package" : "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
    "release_date" : "2025-04-28T00:00:00Z",
    "advisory" : "RHSA-2025:4226",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7",
    "package" : "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
    "release_date" : "2025-04-28T00:00:00Z",
    "advisory" : "RHSA-2025:4226",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7",
    "package" : "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
    "release_date" : "2025-06-25T00:00:00Z",
    "advisory" : "RHSA-2025:9583",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7",
    "package" : "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
    "release_date" : "2025-06-25T00:00:00Z",
    "advisory" : "RHSA-2025:9583",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7",
    "package" : "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
    "release_date" : "2025-06-25T00:00:00Z",
    "advisory" : "RHSA-2025:9583",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7",
    "package" : "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
    "release_date" : "2025-06-25T00:00:00Z",
    "advisory" : "RHSA-2025:9583",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7",
    "package" : "eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
    "release_date" : "2025-06-25T00:00:00Z",
    "advisory" : "RHSA-2025:9583",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7",
    "package" : "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
    "release_date" : "2025-06-25T00:00:00Z",
    "advisory" : "RHSA-2025:9583",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7",
    "package" : "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
    "release_date" : "2025-06-25T00:00:00Z",
    "advisory" : "RHSA-2025:9583",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7",
    "package" : "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
    "release_date" : "2025-06-25T00:00:00Z",
    "advisory" : "RHSA-2025:9583",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7",
    "package" : "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
    "release_date" : "2025-06-25T00:00:00Z",
    "advisory" : "RHSA-2025:9583",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7",
    "package" : "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
    "release_date" : "2025-06-25T00:00:00Z",
    "advisory" : "RHSA-2025:9583",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7",
    "package" : "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
    "release_date" : "2025-06-25T00:00:00Z",
    "advisory" : "RHSA-2025:9583",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7",
    "package" : "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
    "release_date" : "2024-04-04T00:00:00Z",
    "advisory" : "RHSA-2024:1675",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
    "package" : "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
    "release_date" : "2024-04-04T00:00:00Z",
    "advisory" : "RHSA-2024:1676",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
    "package" : "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
    "release_date" : "2024-04-04T00:00:00Z",
    "advisory" : "RHSA-2024:1674",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
    "package" : "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 8",
    "release_date" : "2024-05-08T00:00:00Z",
    "advisory" : "RHSA-2024:2763",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0",
    "package" : "undertow-core"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
    "release_date" : "2024-05-08T00:00:00Z",
    "advisory" : "RHSA-2024:2764",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
    "package" : "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
    "release_date" : "2024-05-08T00:00:00Z",
    "advisory" : "RHSA-2024:2764",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
    "package" : "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-1973\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-1973" ],
  "name" : "CVE-2023-1973",
  "csaw" : false
}