PT-2023-5739 · Eap-7 · Eap 7

Chess Hazlett · Published 2023-06-08 · Updated 2024-01-04 · CVE-2023-3171

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: EAP-7 versions (affected versions not specified)

Description: A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and Hashtable with no checks on the resources consumed. An attacker could submit malicious requests using these classes that eventually exhaust the heap and cause a Denial of Service. The underlying weakness is deserialization of untrusted data: a remote attacker can trigger the condition by sending specially crafted requests.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
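The description above is about deserialization that allocates in proportion to attacker-controlled input. EAP 7 is a Java application server, so the defensive control a practitioner would reach for is a JDK serialization filter (JEP 290, `java.io.ObjectInputFilter`, JDK 9+) that bounds stream size, graph depth, reference count and array length before any large table is allocated. The example below is added here for illustration; it is not the vendor's fix and not code from this record. The limit values, the allowed-class patterns and the constructed HashMap payloads are assumptions chosen for the demo; a real service sizes them to its own expected payloads.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.HashMap;
import java.util.Map;

public class DeserializationLimitDemo {

    // Constructed input: a serialized HashMap with N entries. Deserializing it
    // allocates a backing table and N boxed keys/values, so memory use grows
    // with the attacker-chosen entry count.
    static byte[] serializeMap(int entries) throws IOException {
        Map<Integer, String> map = new HashMap<>();
        for (int i = 0; i < entries; i++) {
            map.put(i, "v" + i);
        }
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(map);
        }
        return bos.toByteArray();
    }

    // Deserialize under a pattern-based ObjectInputFilter. The resource limits
    // (maxbytes, maxdepth, maxrefs, maxarray) are assumed demo values; the class
    // patterns allow java.util and java.lang types and reject everything else.
    // HashMap/Hashtable readObject() check the table size against the filter
    // (maxarray) before allocating it, so an oversized map is rejected early.
    static Object readWithLimits(byte[] data) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
            "maxbytes=65536;maxdepth=8;maxrefs=2000;maxarray=1024;"
          + "java.util.**;java.lang.*;!*");
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(filter);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // A small, expected payload passes the filter.
        byte[] small = serializeMap(100);
        Map<?, ?> ok = (Map<?, ?>) readWithLimits(small);
        System.out.println("small map accepted, entries: " + ok.size());

        // A large payload is rejected with InvalidClassException ("filter status:
        // REJECTED") instead of consuming heap in proportion to its size.
        byte[] large = serializeMap(100_000);
        try {
            readWithLimits(large);
            System.out.println("large map accepted (unexpected)");
        } catch (InvalidClassException e) {
            System.out.println("large map rejected by filter: " + e.getMessage());
        }
    }
}
```

The same filter string can be applied process-wide with the `jdk.serialFilter` system property instead of per stream, which is the usual way to cover deserialization paths inside a container that application code does not call directly. Rejections surface as `InvalidClassException`, so logging them at the stream boundary gives a simple detection signal for oversized or unexpected payloads.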

Weakness Enumeration

DoS

Deserialization of Untrusted Data

Allocation of Resources Without Limits

Related identifiers

BDU:2023-06409
CVE-2023-3171
RHSA-2023:5484
RHSA-2023:5485
RHSA-2023:5486
RHSA-2024:10207
RHSA-2024:10208

Affected products

Eap 7