CVE-2023-5379 (GCVE-0-2023-5379)

Vulnerability from cvelistv5 – Published: 2023-12-12 21:54 – Updated: 2025-11-07 10:51
VLAI?
Summary
A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
  • CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
https://access.redhat.com/errata/RHSA-2025:9582 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:9583 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-5379 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2242099 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Unaffected: 0:3.0.1-4.b08_redhat_00005.1.ep7.el7 , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Unaffected: 0:5.1.17-3.Final_redhat_00004.1.ep7.el7 , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Unaffected: 0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7 , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Unaffected: 0:4.0.12-1.Final_redhat_00002.1.ep7.el7 , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Unaffected: 0:4.1.63-2.Final_redhat_00003.1.ep7.el7 , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Unaffected: 0:1.4.18-16.SP14_redhat_00001.1.ep7.el7 , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Unaffected: 0:7.1.11-4.GA_redhat_00002.1.ep7.el7 , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Unaffected: 0:1.1.14-1.Final_redhat_00001.1.ep7.el7 , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Unaffected: 0:1.0.21-1.Final_redhat_00001.1.ep7.el7 , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Unaffected: 0:1.0.13-1.Final_redhat_00001.1.ep7.el7 , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Unaffected: 0:1.0.12-1.Final_redhat_00001.1.ep7.el7 , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Unaffected: 0:1.0.12-6.Final_redhat_00001.1.ep7.el7 , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:2.10.4-3.redhat_00006.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:2.10.4-3.redhat_00006.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:2.10.4-5.redhat_00006.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:2.10.4-3.redhat_00006.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:2.10.4-5.redhat_00006.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:2.10.4-2.redhat_00006.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:1.7.2-16.Final_redhat_00017.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:4.1.63-5.Final_redhat_00003.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:2.0.41-4.SP5_redhat_00001.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:7.3.14-3.GA_redhat_00002.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:1.10.17-1.Final_redhat_00001.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
 Create a notification for this product.
    Red Hat Red Hat build of Quarkus     cpe:/a:redhat:quarkus:2
 Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
 Create a notification for this product.
    Red Hat Red Hat Decision Manager 7     cpe:/a:redhat:jboss_enterprise_brms_platform:7
 Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
 Create a notification for this product.
    Red Hat Red Hat JBoss Data Grid 7     cpe:/a:redhat:jboss_data_grid:7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
 Create a notification for this product.
    Red Hat Red Hat JBoss Fuse 6     cpe:/a:redhat:jboss_fuse:6
 Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
 Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
 Create a notification for this product.
    Red Hat Red Hat support for Spring Boot     cpe:/a:redhat:openshift_application_runtimes:1.0
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:59:43.927Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2023:4509",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:4509"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-5379"
          },
          {
            "name": "RHBZ#2242099",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242099"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-5379",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-12-18T21:09:22.233848Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-02T14:30:02.796Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-glassfish-el",
          "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.1-4.b08_redhat_00005.1.ep7.el7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hibernate",
          "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.1.17-3.Final_redhat_00004.1.ep7.el7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jackson-databind",
          "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jboss-ejb-client",
          "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.12-1.Final_redhat_00002.1.ep7.el7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-netty",
          "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.1.63-2.Final_redhat_00003.1.ep7.el7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.4.18-16.SP14_redhat_00001.1.ep7.el7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.1.11-4.GA_redhat_00002.1.ep7.el7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly-elytron",
          "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.14-1.Final_redhat_00001.1.ep7.el7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly-http-client",
          "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.21-1.Final_redhat_00001.1.ep7.el7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly-naming-client",
          "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.13-1.Final_redhat_00001.1.ep7.el7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly-openssl",
          "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.12-1.Final_redhat_00001.1.ep7.el7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly-openssl-linux",
          "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.12-6.Final_redhat_00001.1.ep7.el7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jackson-annotations",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.10.4-3.redhat_00006.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jackson-core",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.10.4-3.redhat_00006.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jackson-databind",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.10.4-5.redhat_00006.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jackson-jaxrs-providers",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.10.4-3.redhat_00006.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jackson-modules-base",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.10.4-5.redhat_00006.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jackson-modules-java8",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.10.4-2.redhat_00006.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jboss-server-migration",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.7.2-16.Final_redhat_00017.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-netty",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.1.63-5.Final_redhat_00003.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.41-4.SP5_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.3.14-3.GA_redhat_00002.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly-elytron",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.10.17-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:quarkus:2"
          ],
          "defaultStatus": "unaffected",
          "packageName": "io.quarkus/quarkus-undertow",
          "product": "Red Hat build of Quarkus",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_data_grid:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "undertow",
          "product": "Red Hat Data Grid 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_brms_platform:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "undertow",
          "product": "Red Hat Decision Manager 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_fuse:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "undertow",
          "product": "Red Hat Fuse 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_data_grid:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "undertow",
          "product": "Red Hat JBoss Data Grid 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7"
          ],
          "defaultStatus": "affected",
          "packageName": "undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_fuse:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "undertow",
          "product": "Red Hat JBoss Fuse 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "undertow",
          "product": "Red Hat Process Automation 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7"
          ],
          "defaultStatus": "affected",
          "packageName": "undertow",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_application_runtimes:1.0"
          ],
          "defaultStatus": "unaffected",
          "packageName": "undertow",
          "product": "Red Hat support for Spring Boot",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2023-12-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-07T10:51:59.956Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:9582",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9582"
        },
        {
          "name": "RHSA-2025:9583",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9583"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-5379"
        },
        {
          "name": "RHBZ#2242099",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242099"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-10-04T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-12-12T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Undertow: ajp request closes connection exceeding maxrequestsize",
      "x_redhatCweChain": "CWE-400-\u003eCWE-770: Uncontrolled Resource Consumption leads to Allocation of Resources Without Limits or Throttling"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-5379",
    "datePublished": "2023-12-12T21:54:52.669Z",
    "dateReserved": "2023-10-04T11:52:15.504Z",
    "dateUpdated": "2025-11-07T10:51:59.956Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*\", \"matchCriteriaId\": \"B8423D7F-3A8F-4AD8-BF51-245C9D8DD816\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72A54BDA-311C-413B-8E4D-388AD65A170A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:undertow:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8190B427-8350-43AE-8F54-6A40B701C95E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).\"}, {\"lang\": \"es\", \"value\": \"Se encontr\\u00f3 una falla en Undertow. Cuando se env\\u00eda una solicitud AJP que excede el atributo max-header-size en ajp-listener, mod_cluster marca JBoss EAP en estado de error en httpd, lo que hace que JBoss EAP cierre la conexi\\u00f3n TCP sin devolver una respuesta AJP. Esto sucede porque mod_proxy_cluster marca la instancia de JBoss EAP como un trabajador de error cuando la conexi\\u00f3n TCP se cierra desde el backend despu\\u00e9s de enviar la solicitud AJP sin recibir una respuesta AJP y deja de reenviar. Este problema podr\\u00eda permitir que un usuario malintencionado env\\u00ede repetidamente solicitudes que superen el tama\\u00f1o m\\u00e1ximo del encabezado, provocando una Denegaci\\u00f3n de Servicio (DoS).\"}]",
      "id": "CVE-2023-5379",
      "lastModified": "2024-11-21T08:41:39.073",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2023-12-12T22:15:22.410",
      "references": "[{\"url\": \"https://access.redhat.com/errata/RHSA-2023:4509\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2023-5379\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2242099\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:4509\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2023-5379\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2242099\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-770\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-770\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-5379\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2023-12-12T22:15:22.410\",\"lastModified\":\"2025-10-25T01:15:42.677\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una falla en Undertow. Cuando se env\u00eda una solicitud AJP que excede el atributo max-header-size en ajp-listener, mod_cluster marca JBoss EAP en estado de error en httpd, lo que hace que JBoss EAP cierre la conexi\u00f3n TCP sin devolver una respuesta AJP. Esto sucede porque mod_proxy_cluster marca la instancia de JBoss EAP como un trabajador de error cuando la conexi\u00f3n TCP se cierra desde el backend despu\u00e9s de enviar la solicitud AJP sin recibir una respuesta AJP y deja de reenviar. Este problema podr\u00eda permitir que un usuario malintencionado env\u00ede repetidamente solicitudes que superen el tama\u00f1o m\u00e1ximo del encabezado, provocando una Denegaci\u00f3n de Servicio (DoS).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*\",\"matchCriteriaId\":\"B8423D7F-3A8F-4AD8-BF51-245C9D8DD816\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72A54BDA-311C-413B-8E4D-388AD65A170A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:undertow:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8190B427-8350-43AE-8F54-6A40B701C95E\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2025:9582\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:9583\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2023-5379\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2242099\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:4509\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/security/cve/CVE-2023-5379\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2242099\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2023:4509\", \"name\": \"RHSA-2023:4509\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2023-5379\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2242099\", \"name\": \"RHBZ#2242099\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T07:59:43.927Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-5379\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2023-12-18T21:09:22.233848Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-02T14:29:58.076Z\"}}], \"cna\": {\"title\": \"Undertow: ajp request closes connection exceeding maxrequestsize\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.0.1-4.b08_redhat_00005.1.ep7.el7\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-glassfish-el\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:5.1.17-3.Final_redhat_00004.1.ep7.el7\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-hibernate\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-jackson-databind\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.0.12-1.Final_redhat_00002.1.ep7.el7\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-jboss-ejb-client\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.1.63-2.Final_redhat_00003.1.ep7.el7\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-netty\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.4.18-16.SP14_redhat_00001.1.ep7.el7\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:7.1.11-4.GA_redhat_00002.1.ep7.el7\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-wildfly\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.1.14-1.Final_redhat_00001.1.ep7.el7\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-wildfly-elytron\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.0.21-1.Final_redhat_00001.1.ep7.el7\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-wildfly-http-client\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.0.13-1.Final_redhat_00001.1.ep7.el7\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-wildfly-naming-client\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.0.12-1.Final_redhat_00001.1.ep7.el7\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-wildfly-openssl\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.0.12-6.Final_redhat_00001.1.ep7.el7\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-wildfly-openssl-linux\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.10.4-3.redhat_00006.1.el7eap\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-jackson-annotations\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.10.4-3.redhat_00006.1.el7eap\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-jackson-core\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.10.4-5.redhat_00006.1.el7eap\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-jackson-databind\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.10.4-3.redhat_00006.1.el7eap\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-jackson-jaxrs-providers\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.10.4-5.redhat_00006.1.el7eap\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-jackson-modules-base\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.10.4-2.redhat_00006.1.el7eap\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-jackson-modules-java8\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.7.2-16.Final_redhat_00017.1.el7eap\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-jboss-server-migration\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.1.63-5.Final_redhat_00003.1.el7eap\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-netty\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.0.41-4.SP5_redhat_00001.1.el7eap\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:7.3.14-3.GA_redhat_00002.1.el7eap\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-wildfly\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.10.17-1.Final_redhat_00001.1.el7eap\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-wildfly-elytron\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quarkus:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat build of Quarkus\", \"packageName\": \"io.quarkus/quarkus-undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_data_grid:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Data Grid 8\", \"packageName\": \"undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_brms_platform:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Decision Manager 7\", \"packageName\": \"undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_fuse:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Fuse 7\", \"packageName\": \"undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_data_grid:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Data Grid 7\", \"packageName\": \"undertow\", \"collectionURL\": \"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7\", \"packageName\": \"undertow\", \"collectionURL\": \"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_fuse:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Fuse 6\", \"packageName\": \"undertow\", \"collectionURL\": \"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_bpms_platform:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Process Automation 7\", \"packageName\": \"undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/a:redhat:red_hat_single_sign_on:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Single Sign-On 7\", \"packageName\": \"undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_application_runtimes:1.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat support for Spring Boot\", \"packageName\": \"undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-10-04T00:00:00+00:00\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2023-12-12T00:00:00+00:00\", \"value\": \"Made public.\"}], \"datePublic\": \"2023-12-12T00:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2025:9582\", \"name\": \"RHSA-2025:9582\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:9583\", \"name\": \"RHSA-2025:9583\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2023-5379\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2242099\", \"name\": \"RHBZ#2242099\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2025-11-07T10:51:59.956Z\"}, \"x_redhatCweChain\": \"CWE-400-\u003eCWE-770: Uncontrolled Resource Consumption leads to Allocation of Resources Without Limits or Throttling\"}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-5379\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-07T10:51:59.956Z\", \"dateReserved\": \"2023-10-04T11:52:15.504Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2023-12-12T21:54:52.669Z\", \"assignerShortName\": \"redhat\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.