7.5 - CVE-2023-5379

Executive Summary

Informations
Name	CVE-2023-5379	First vendor Publication	2023-12-12
Vendor	Cve	Last vendor Modification	2023-12-20

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score	7.5
Base Score	7.5	Environmental Score	7.5
impact SubScore	3.6	Temporal Score	7.5
Exploitabality Sub Score	3.9

Attack Vector	Network	Attack Complexity	Low
Privileges Required	None	User Interaction	None
Scope	Unchanged	Confidentiality Impact	None
Integrity Impact	None	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score	N/A	Attack Range	N/A
Cvss Impact Score	N/A	Attack Complexity	N/A
Cvss Expoit Score	N/A	Authentication	N/A
Calculate full CVSS 2.0 Vectors scores

Detail

A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5379

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-770	Allocation of Resources Without Limits or Throttling

CPE : Common Platform Enumeration

Type	Description	Count
Application	Redhat Jboss Enterprise Application Platform cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:::::::* cpe:2.3:a:redhat:jboss_enterprise_application_platform:-::::text-only:::	2
Application	Redhat Single Sign-On cpe:2.3:a:redhat:single_sign-on:7.0:::::::*	1
Application	Redhat Undertow cpe:2.3:a:redhat:undertow:-:::::::*	1

Sources (Detail)

https://access.redhat.com/errata/RHSA-2023:4509
https://access.redhat.com/security/cve/CVE-2023-5379
https://bugzilla.redhat.com/show_bug.cgi?id=2242099

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2023-12-21 21:27:56	Multiple Updates
2023-12-13 09:27:23	Multiple Updates
2023-12-13 00:27:23	First insertion

Type	Count
CWE ID(s)	1
CPE ID(s)	4
Sources(s)	3

7.5 - CVE-2023-5379

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Sources (Detail)

Alert History

Global Informations

Open Standards

COMPANY

STANDARDS

RECENT POSTS

MENU