Showing 1 - 3 of 3

CVE-2023-26048

Status Candidate

Overview

Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).

Related Files

Red Hat Security Advisory 2023-5441-01: Posted Oct 5, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-5441-01 - Red Hat Integration Camel for Spring Boot 4.0.0 is now available. Issues addressed include an XML injection vulnerability.; tags | advisory; systems | linux, redhat; advisories | CVE-2022-44729, CVE-2022-44730, CVE-2022-46751, CVE-2023-26048, CVE-2023-26049, CVE-2023-33008, CVE-2023-34462, CVE-2023-40167; SHA-256 | 4985987bfaf6fd9ed60f606650443e1312bbb66be0bb205dc8e01101a680964b; Download | Favorite | View

Debian Security Advisory 5507-1: Posted Sep 29, 2023; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5507-1 - Multiple security vulnerabilities were found in Jetty, a Java based web server and servlet engine.; tags | advisory, java, web, vulnerability; systems | linux, debian; advisories | CVE-2023-26048, CVE-2023-26049, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900; SHA-256 | add9ce48f70949f251aaf9dc376f273010c354d922fa240e65e58d7f6bb3685a; Download | Favorite | View

Red Hat Security Advisory 2023-5165-01: Posted Sep 15, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-5165-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. Issues addressed include code execution, denial of service, deserialization, and integer overflow vulnerabilities.; tags | advisory, denial of service, overflow, vulnerability, code execution; systems | linux, redhat; advisories | CVE-2021-37136, CVE-2021-37137, CVE-2022-1471, CVE-2022-24823, CVE-2022-36944, CVE-2023-0482, CVE-2023-26048, CVE-2023-26049, CVE-2023-2976, CVE-2023-33201, CVE-2023-34453, CVE-2023-34454, CVE-2023-34455, CVE-2023-34462; SHA-256 | c7bacd29d694aaaaf457349ec19016b4d130ffc214bfce870fe209e62bdbdd3c; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 272 files
indoushka 184 files
Jay Turla 150 files
Ubuntu 90 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Gentoo 25 files
Karn Ganeshen 23 files

File Archives

Systems

AIX (430)
Apple (2,115)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,126)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,592)
HPUX (881)
iOS (390)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,362)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,911)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,882)
UNIX (9,459)
UnixWare (188)
Windows (6,772)
Other

CVE-2023-26048

Overview

Related Files

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems