CVE-2023-5379

Undertow: ajp request closes connection exceeding maxrequestsize

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).

Se encontró una falla en Undertow. Cuando se envía una solicitud AJP que excede el atributo max-header-size en ajp-listener, mod_cluster marca JBoss EAP en estado de error en httpd, lo que hace que JBoss EAP cierre la conexión TCP sin devolver una respuesta AJP. Esto sucede porque mod_proxy_cluster marca la instancia de JBoss EAP como un trabajador de error cuando la conexión TCP se cierra desde el backend después de enviar la solicitud AJP sin recibir una respuesta AJP y deja de reenviar. Este problema podría permitir que un usuario malintencionado envíe repetidamente solicitudes que superen el tamaño máximo del encabezado, provocando una Denegación de Servicio (DoS).

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-10-04 CVE Reserved
2023-12-12 CVE Published
2023-12-21 EPSS Updated
2024-09-13 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-770: Allocation of Resources Without Limits or Throttling

CAPEC

References (3)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2023:4509	2023-12-20
https://access.redhat.com/security/cve/CVE-2023-5379	2023-08-07
https://bugzilla.redhat.com/show_bug.cgi?id=2242099	2023-08-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"		Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform"				-		text-only		Affected
Redhat Search vendor "Redhat"		Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform"				7.0.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "7.0.0"		-		Affected
Redhat Search vendor "Redhat"		Single Sign-on Search vendor "Redhat" for product "Single Sign-on"				7.0 Search vendor "Redhat" for product "Single Sign-on" and version "7.0"		-		Affected
Redhat Search vendor "Redhat"		Undertow Search vendor "Redhat" for product "Undertow"				-		-		Affected