CVE-2023-3171 - Vulnerability Details

A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux Jboss Enterprise Application Platform Jboss Enterprise Application Platform Eus

Configuration 1 [-]

AND

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*

OR	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Configuration 2 [-]

cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*

Package	CPE	Advisory	Released Date
EAP 7.4.13
server	cpe:/a:redhat:jboss_enterprise_application_platform:7.4	RHSA-2023:5488	2023-10-05T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2024:10208	2024-11-25T00:00:00Z
eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2024:10208	2024-11-25T00:00:00Z
eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2024:10208	2024-11-25T00:00:00Z
eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2024:10208	2024-11-25T00:00:00Z
eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2024:10208	2024-11-25T00:00:00Z
eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2024:10208	2024-11-25T00:00:00Z
eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2024:10208	2024-11-25T00:00:00Z
eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2024:10208	2024-11-25T00:00:00Z
eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2024:10208	2024-11-25T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:5485	2023-10-06T00:00:00Z
eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:5485	2023-10-06T00:00:00Z
eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:5485	2023-10-06T00:00:00Z
eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:5485	2023-10-06T00:00:00Z
eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:5485	2023-10-06T00:00:00Z
eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:5485	2023-10-06T00:00:00Z
eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:5485	2023-10-06T00:00:00Z
eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:5485	2023-10-06T00:00:00Z
eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:5485	2023-10-06T00:00:00Z
eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:5485	2023-10-06T00:00:00Z
eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:5485	2023-10-06T00:00:00Z
eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:5485	2023-10-06T00:00:00Z
eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:5485	2023-10-06T00:00:00Z
eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:5485	2023-10-06T00:00:00Z
eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:5485	2023-10-06T00:00:00Z
eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:5485	2023-10-06T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:5486	2023-10-06T00:00:00Z
eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:5486	2023-10-06T00:00:00Z
eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:5486	2023-10-06T00:00:00Z
eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:5486	2023-10-06T00:00:00Z
eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:5486	2023-10-06T00:00:00Z
eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:5486	2023-10-06T00:00:00Z
eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:5486	2023-10-06T00:00:00Z
eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:5486	2023-10-06T00:00:00Z
eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:5486	2023-10-06T00:00:00Z
eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:5486	2023-10-06T00:00:00Z
eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:5486	2023-10-06T00:00:00Z
eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:5486	2023-10-06T00:00:00Z
eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:5486	2023-10-06T00:00:00Z
eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:5486	2023-10-06T00:00:00Z
eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:5486	2023-10-06T00:00:00Z
eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:5486	2023-10-06T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:5484	2023-10-05T00:00:00Z
eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:5484	2023-10-05T00:00:00Z
eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:5484	2023-10-05T00:00:00Z
eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:5484	2023-10-05T00:00:00Z
eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:5484	2023-10-05T00:00:00Z
eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:5484	2023-10-05T00:00:00Z
eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:5484	2023-10-05T00:00:00Z
eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:5484	2023-10-05T00:00:00Z
eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:5484	2023-10-05T00:00:00Z
eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:5484	2023-10-05T00:00:00Z
eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:5484	2023-10-05T00:00:00Z
eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:5484	2023-10-05T00:00:00Z
eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:5484	2023-10-05T00:00:00Z
eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:5484	2023-10-05T00:00:00Z
eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:5484	2023-10-05T00:00:00Z
eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:5484	2023-10-05T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHSA-2023:5484
https://access.redhat.com/errata/RHSA-2023:5485
https://access.redhat.com/errata/RHSA-2023:5486
https://access.redhat.com/errata/RHSA-2023:5488
https://access.redhat.com/security/cve/CVE-2023-3171
https://bugzilla.redhat.com/show_bug.cgi?id=2213639
https://nvd.nist.gov/vuln/detail/CVE-2023-3171
https://www.cve.org/CVERecord?id=CVE-2023-3171

History

Mon, 25 Nov 2024 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat jboss Enterprise Application Platform Eus
CPEs		cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7 cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Vendors & Products		Redhat jboss Enterprise Application Platform Eus

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-12-27T15:45:33.293Z

Updated: 2024-08-02T06:48:08.117Z

Reserved: 2023-06-08T19:52:58.072Z

Link: CVE-2023-3171

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-12-27T16:15:13.103

Modified: 2024-11-21T08:16:37.137

Link: CVE-2023-3171

Redhat

Severity : Important

Publid Date: 2023-10-05T00:00:00Z

Links: CVE-2023-3171 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object