Vulnerability Name: CVE-2023-26048 (CCN-253356)
Assigned: 2023-04-18
Published: 2023-04-18
Updated: 2023-05-26
Summary: Eclipse Jetty is vulnerable to a denial of service caused by an OutOfMemoryError in its multipart request handling. When a servlet with multipart support calls HttpServletRequest.getParameter() or HttpServletRequest.getParts(), Jetty parses the multipart/form-data body; on affected versions a part that has a name but no filename is read entirely into heap memory rather than being limited or spilled to disk. By sending a multipart request containing a very large part of this kind, a remote, unauthenticated attacker can exhaust the server's heap and cause a denial of service condition. The fix is in Jetty 9.4.51, 10.0.15 and 11.0.15; on earlier versions, configuring a maxRequestSize in the servlet's multipart configuration bounds the memory a single request can consume.
CVSS v3 Severity:
  Base: 5.3 Medium (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
  Temporal: 4.6 Medium (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
  CCN Temporal: 4.6 Medium (same vector as above)
CVSS v2 Severity:
  CCN Base: 5.0 Medium (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Vulnerability Consequences: Denial of Service
References:
- MITRE (CNA): CVE-2023-26048
- XF: eclipse-cve202326048-dos(253356)
- security-advisories@github.com (Patch): three patch references
- CCN (Jetty GIT Repository): OutOfMemoryError for large multipart without filename read via request.getParameter()
- security-advisories@github.com (Vendor Advisory)
- security-advisories@github.com (Technical Description)
- security-advisories@github.com (type unknown)
- CCN, IBM Security Bulletin 6992077 (Security Verify Information Queue): IBM Security Verify Information Queue has multiple third-party library vulnerabilities
- CCN, IBM Security Bulletin 7002159 (Watson Discovery): IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Eclipse Jetty
- CCN, IBM Security Bulletin 7008445 (InfoSphere Information Server): IBM InfoSphere Information Server is affected by a vulnerability in Eclipse Jetty (CVE-2023-26048)
- CCN, IBM Security Bulletin 7009729 (Rational Functional Tester): An Eclipse Jetty vulnerability affects IBM Rational Functional Tester
- CCN, IBM Security Bulletin 7011337 (Sterling Connect:Direct Web Services): IBM Sterling Connect:Direct Web Services is vulnerable to multiple vulnerabilities due to Eclipse Jetty
- CCN, IBM Security Bulletin 7014905 (Sterling Connect:Direct Browser User Interface): IBM Sterling Connect:Direct Browser User Interface is vulnerable to multiple vulnerabilities due to Jetty
- CCN, IBM Security Bulletin 7014917 (Rational Change): Multiple Vulnerabilities in Rational Change 5.3.2 Fix Pack 05 and earlier versions
- CCN, IBM Security Bulletin 7014919 (Rational Synergy): Multiple Vulnerabilities in Rational Synergy 7.2.2 Fix Pack 05 and earlier versions
- CCN, IBM Security Bulletin 7015801 (Cloud Pak for Data System): Vulnerability in jetty-server affects IBM Cloud Pak for Data System 1.0 (CPDS 1.0) [CVE-2023-26048]
- CCN (Mend Vulnerability Database): CVE-2023-26048
Vulnerable Configuration: Configuration CCN 1
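The following embedded Jetty 9.4 (javax.servlet API) server is an added illustration of the summary above; it is not code from this page or from the Jetty project. It places the weak multipart configuration (the one-argument MultipartConfigElement constructor, which leaves every limit unset) beside a hardened one that sets maxRequestSize, maxFileSize and a small fileSizeThreshold, and shows a servlet whose getParameter()/getParts() calls are what make Jetty parse the multipart body. The class name, the /upload path, the "comment" field name, the port and the size limits are arbitrary choices for the example.

```java
import java.io.IOException;
import java.util.Collection;

import javax.servlet.MultipartConfigElement;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.Part;

import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;

/**
 * Hypothetical embedded Jetty 9.4 server used to show the multipart limits
 * that bound the memory CVE-2023-26048 can consume. Dependencies: jetty-server
 * and jetty-servlet at the same 9.4.x version.
 */
public class MultipartLimitsExample {

    /** Field name, path and port are arbitrary choices for this example. */
    static final String FIELD = "comment";
    static final String PATH = "/upload";
    static final int PORT = 8080;

    /**
     * Weak configuration: the one-argument constructor leaves maxFileSize and
     * maxRequestSize at -1 (unlimited) and fileSizeThreshold at 0. On a Jetty
     * version without the fix, a part that has a name but no filename is then
     * read entirely into heap when the servlet calls getParameter()/getParts(),
     * so a single oversized part can trigger OutOfMemoryError.
     */
    static MultipartConfigElement weakConfig() {
        return new MultipartConfigElement(System.getProperty("java.io.tmpdir"));
    }

    /**
     * Hardened configuration: maxRequestSize caps the whole multipart body and
     * Jetty enforces it while parsing, so parsing stops before an oversized
     * part can fill the heap. maxFileSize bounds each file part and a small
     * fileSizeThreshold keeps large file parts on disk instead of in memory.
     * Size the limits to what the endpoint legitimately needs.
     */
    static MultipartConfigElement hardenedConfig() {
        long maxFileSize = 10L * 1024 * 1024;     // 10 MiB per file part
        long maxRequestSize = 12L * 1024 * 1024;  // 12 MiB for the whole body
        int fileSizeThreshold = 64 * 1024;        // spill file parts to disk above 64 KiB
        return new MultipartConfigElement(System.getProperty("java.io.tmpdir"),
                maxFileSize, maxRequestSize, fileSizeThreshold);
    }

    /** A servlet whose getParameter()/getParts() calls make Jetty parse the multipart body. */
    static class UploadServlet extends HttpServlet {
        @Override
        protected void doPost(HttpServletRequest req, HttpServletResponse resp)
                throws ServletException, IOException {
            // Either of these calls parses every part of a multipart/form-data request.
            String comment = req.getParameter(FIELD);
            Collection<Part> parts = req.getParts();
            resp.setContentType("text/plain");
            resp.getWriter().printf("parts=%d, %s length=%d%n",
                    parts.size(), FIELD, comment == null ? 0 : comment.length());
        }
    }

    public static void main(String[] args) throws Exception {
        Server server = new Server(PORT);
        ServletContextHandler context = new ServletContextHandler(ServletContextHandler.NO_SESSIONS);
        context.setContextPath("/");

        ServletHolder holder = new ServletHolder(new UploadServlet());
        // Jetty only parses multipart bodies for servlets that carry a multipart
        // config; a servlet without one is not reachable via getParameter().
        holder.getRegistration().setMultipartConfig(hardenedConfig()); // swap in weakConfig() to compare
        context.addServlet(holder, PATH);

        server.setHandler(context);
        server.start();
        server.join();
    }
}
```

To check a test instance of your own, `curl -F 'comment=<big.bin' http://localhost:8080/upload` sends the contents of big.bin as a form field with a name but no filename, which is the shape of part the summary describes. With hardenedConfig() Jetty rejects the request once the body passes maxRequestSize instead of buffering it; with weakConfig() on an unfixed version the whole part is read into heap, which is easiest to observe by starting the JVM with a small -Xmx.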