CVE-2023-5379 - Vulnerability Details - OpenCVE

A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00139.

Exploitation none

Automatable yes

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Red Hat

Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

affected

Version	Status	Constraints
`0:3.0.1-4.b08_redhat_00005.1.ep7.el7`	unaffected	< *

Red Hat

Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

affected

Version	Status	Constraints
`0:5.1.17-3.Final_redhat_00004.1.ep7.el7`	unaffected	< *

Red Hat

Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

affected

Version	Status	Constraints
`0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7`	unaffected	< *

Red Hat

Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

affected

Version	Status	Constraints
`0:4.0.12-1.Final_redhat_00002.1.ep7.el7`	unaffected	< *

Red Hat

Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

affected

Version	Status	Constraints
`0:4.1.63-2.Final_redhat_00003.1.ep7.el7`	unaffected	< *

Red Hat

Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

affected

Version	Status	Constraints
`0:1.4.18-16.SP14_redhat_00001.1.ep7.el7`	unaffected	< *

Red Hat

Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

affected

Version	Status	Constraints
`0:7.1.11-4.GA_redhat_00002.1.ep7.el7`	unaffected	< *

Red Hat

Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

affected

Version	Status	Constraints
`0:1.1.14-1.Final_redhat_00001.1.ep7.el7`	unaffected	< *

Red Hat

Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

affected

Version	Status	Constraints
`0:1.0.21-1.Final_redhat_00001.1.ep7.el7`	unaffected	< *

Red Hat

Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

affected

Version	Status	Constraints
`0:1.0.13-1.Final_redhat_00001.1.ep7.el7`	unaffected	< *

Red Hat

Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

affected

Version	Status	Constraints
`0:1.0.12-1.Final_redhat_00001.1.ep7.el7`	unaffected	< *

Red Hat

Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

affected

Version	Status	Constraints
`0:1.0.12-6.Final_redhat_00001.1.ep7.el7`	unaffected	< *

Red Hat

Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

affected

Version	Status	Constraints
`0:2.10.4-3.redhat_00006.1.el7eap`	unaffected	< *

Red Hat

Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

affected

Version	Status	Constraints
`0:2.10.4-3.redhat_00006.1.el7eap`	unaffected	< *

Red Hat

Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

affected

Version	Status	Constraints
`0:2.10.4-5.redhat_00006.1.el7eap`	unaffected	< *

Red Hat

Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

affected

Version	Status	Constraints
`0:2.10.4-3.redhat_00006.1.el7eap`	unaffected	< *

Red Hat

Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

affected

Version	Status	Constraints
`0:2.10.4-5.redhat_00006.1.el7eap`	unaffected	< *

Red Hat

Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

affected

Version	Status	Constraints
`0:2.10.4-2.redhat_00006.1.el7eap`	unaffected	< *

Red Hat

Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

affected

Version	Status	Constraints
`0:1.7.2-16.Final_redhat_00017.1.el7eap`	unaffected	< *

Red Hat

Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

affected

Version	Status	Constraints
`0:4.1.63-5.Final_redhat_00003.1.el7eap`	unaffected	< *

Red Hat

Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

affected

Version	Status	Constraints
`0:2.0.41-4.SP5_redhat_00001.1.el7eap`	unaffected	< *

Red Hat

Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

affected

Version	Status	Constraints
`0:7.3.14-3.GA_redhat_00002.1.el7eap`	unaffected	< *

Red Hat

Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

affected

Version	Status	Constraints
`0:1.10.17-1.Final_redhat_00001.1.el7eap`	unaffected	< *

Red Hat Red Hat build of Quarkus unaffected —

Red Hat Red Hat Data Grid 8 unaffected —

Red Hat Red Hat Decision Manager 7 unknown —

Red Hat Red Hat Fuse 7 unknown —

Red Hat Red Hat JBoss Data Grid 7 unknown —

Red Hat Red Hat JBoss Enterprise Application Platform 7 affected —

Red Hat Red Hat JBoss Fuse 6 unknown —

Red Hat Red Hat Process Automation 7 unknown —

Red Hat Red Hat Single Sign-On 7 affected —

Red Hat Red Hat support for Spring Boot unaffected —

Configuration 1 [-]

OR	cpe:2.3:a:redhat:jboss_enterprise_application_platform:-::::text-only:::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:::::::*
	cpe:2.3:a:redhat:single_sign-on:7.0:::::::*
	cpe:2.3:a:redhat:undertow:-:::::::*

Package	CPE	Advisory	Released Date
Red Hat JBoss Enterprise Application Platform 7
	cpe:/a:redhat:jboss_enterprise_application_platform:7.4	RHSA-2023:4509	2023-08-07T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:9583	2025-06-25T00:00:00Z
eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:9583	2025-06-25T00:00:00Z
eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:9583	2025-06-25T00:00:00Z
eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:9583	2025-06-25T00:00:00Z
eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:9583	2025-06-25T00:00:00Z
eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:9583	2025-06-25T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:9583	2025-06-25T00:00:00Z
eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:9583	2025-06-25T00:00:00Z
eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:9583	2025-06-25T00:00:00Z
eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:9583	2025-06-25T00:00:00Z
eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:9583	2025-06-25T00:00:00Z

No data.

Project Subscriptions

Vendors	Products
Redhat Subscribe	Jboss Data Grid Subscribe Jboss Enterprise Application Platform Subscribe Jboss Enterprise Application Platform Eus Subscribe Jboss Enterprise Bpms Platform Subscribe Jboss Enterprise Brms Platform Subscribe Jboss Fuse Subscribe Openshift Application Runtimes Subscribe Quarkus Subscribe Red Hat Single Sign On Subscribe Single Sign-on Subscribe Undertow Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2023-57695	A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2023:4509
https://access.redhat.com/errata/RHSA-2025:9582
https://access.redhat.com/errata/RHSA-2025:9583
https://access.redhat.com/security/cve/CVE-2023-5379
https://bugzilla.redhat.com/show_bug.cgi?id=2242099
https://nvd.nist.gov/vuln/detail/CVE-2023-5379
https://www.cve.org/CVERecord?id=CVE-2023-5379

History

Wed, 25 Jun 2025 01:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat jboss Enterprise Application Platform Eus
CPEs		cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7 cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Vendors & Products		Redhat jboss Enterprise Application Platform Eus
References		https://access.redhat.com/errata/RHSA-2025:9582 https://access.redhat.com/errata/RHSA-2025:9583

Mon, 02 Dec 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-12-12T21:54:52.669Z

Updated: 2025-11-07T10:51:59.956Z

Reserved: 2023-10-04T11:52:15.504Z

Link: CVE-2023-5379

Vulnrichment

Updated: 2024-08-02T07:59:43.927Z

NVD

Status : Modified

Published: 2023-12-12T22:15:22.410

Modified: 2025-10-25T01:15:42.677

Link: CVE-2023-5379

Redhat

Severity : Moderate

Publid Date: 2023-12-12T00:00:00Z

Links: CVE-2023-5379 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-5379", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-10-04T11:52:15.504Z", "datePublished": "2023-12-12T21:54:52.669Z", "dateUpdated": "2025-11-07T10:51:59.956Z"}, "containers": {"cna": {"title": "Undertow: ajp request closes connection exceeding maxrequestsize", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS)."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-glassfish-el", "defaultStatus": "affected", "versions": [{"version": "0:3.0.1-4.b08_redhat_00005.1.ep7.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-hibernate", "defaultStatus": "affected", "versions": [{"version": "0:5.1.17-3.Final_redhat_00004.1.ep7.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jackson-databind", "defaultStatus": "affected", "versions": [{"version": "0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jboss-ejb-client", "defaultStatus": "affected", "versions": [{"version": "0:4.0.12-1.Final_redhat_00002.1.ep7.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-netty", "defaultStatus": "affected", "versions": [{"version": "0:4.1.63-2.Final_redhat_00003.1.ep7.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-undertow", "defaultStatus": "affected", "versions": [{"version": "0:1.4.18-16.SP14_redhat_00001.1.ep7.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-wildfly", "defaultStatus": "affected", "versions": [{"version": "0:7.1.11-4.GA_redhat_00002.1.ep7.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-wildfly-elytron", "defaultStatus": "affected", "versions": [{"version": "0:1.1.14-1.Final_redhat_00001.1.ep7.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-wildfly-http-client", "defaultStatus": "affected", "versions": [{"version": "0:1.0.21-1.Final_redhat_00001.1.ep7.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-wildfly-naming-client", "defaultStatus": "affected", "versions": [{"version": "0:1.0.13-1.Final_redhat_00001.1.ep7.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-wildfly-openssl", "defaultStatus": "affected", "versions": [{"version": "0:1.0.12-1.Final_redhat_00001.1.ep7.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-wildfly-openssl-linux", "defaultStatus": "affected", "versions": [{"version": "0:1.0.12-6.Final_redhat_00001.1.ep7.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jackson-annotations", "defaultStatus": "affected", "versions": [{"version": "0:2.10.4-3.redhat_00006.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jackson-core", "defaultStatus": "affected", "versions": [{"version": "0:2.10.4-3.redhat_00006.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jackson-databind", "defaultStatus": "affected", "versions": [{"version": "0:2.10.4-5.redhat_00006.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jackson-jaxrs-providers", "defaultStatus": "affected", "versions": [{"version": "0:2.10.4-3.redhat_00006.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jackson-modules-base", "defaultStatus": "affected", "versions": [{"version": "0:2.10.4-5.redhat_00006.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jackson-modules-java8", "defaultStatus": "affected", "versions": [{"version": "0:2.10.4-2.redhat_00006.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jboss-server-migration", "defaultStatus": "affected", "versions": [{"version": "0:1.7.2-16.Final_redhat_00017.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-netty", "defaultStatus": "affected", "versions": [{"version": "0:4.1.63-5.Final_redhat_00003.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-undertow", "defaultStatus": "affected", "versions": [{"version": "0:2.0.41-4.SP5_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-wildfly", "defaultStatus": "affected", "versions": [{"version": "0:7.3.14-3.GA_redhat_00002.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-wildfly-elytron", "defaultStatus": "affected", "versions": [{"version": "0:1.10.17-1.Final_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"]}, {"vendor": "Red Hat", "product": "Red Hat build of Quarkus", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "io.quarkus/quarkus-undertow", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:quarkus:2"]}, {"vendor": "Red Hat", "product": "Red Hat Data Grid 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "undertow", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:jboss_data_grid:8"]}, {"vendor": "Red Hat", "product": "Red Hat Decision Manager 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "undertow", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:jboss_enterprise_brms_platform:7"]}, {"vendor": "Red Hat", "product": "Red Hat Fuse 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "undertow", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:jboss_fuse:7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Data Grid 7", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "packageName": "undertow", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:jboss_data_grid:7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "packageName": "undertow", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Fuse 6", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "packageName": "undertow", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:jboss_fuse:6"]}, {"vendor": "Red Hat", "product": "Red Hat Process Automation 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "undertow", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"]}, {"vendor": "Red Hat", "product": "Red Hat Single Sign-On 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "undertow", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7"]}, {"vendor": "Red Hat", "product": "Red Hat support for Spring Boot", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "undertow", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift_application_runtimes:1.0"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:9582", "name": "RHSA-2025:9582", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:9583", "name": "RHSA-2025:9583", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-5379", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242099", "name": "RHBZ#2242099", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2023-12-12T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-400->CWE-770: Uncontrolled Resource Consumption leads to Allocation of Resources Without Limits or Throttling", "timeline": [{"lang": "en", "time": "2023-10-04T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-12-12T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-11-07T10:51:59.956Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:59:43.927Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:4509", "name": "RHSA-2023:4509", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-5379", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242099", "name": "RHBZ#2242099", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2023-12-18T21:09:22.233848Z", "id": "CVE-2023-5379", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-02T14:30:02.796Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:4509", "name": "RHSA-2023:4509", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-5379", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242099", "name": "RHBZ#2242099", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:59:43.927Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5379", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2023-12-18T21:09:22.233848Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-02T14:29:58.076Z"}}], "cna": {"title": "Undertow: ajp request closes connection exceeding maxrequestsize", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:3.0.1-4.b08_redhat_00005.1.ep7.el7", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-glassfish-el", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:5.1.17-3.Final_redhat_00004.1.ep7.el7", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-hibernate", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jackson-databind", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:4.0.12-1.Final_redhat_00002.1.ep7.el7", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-ejb-client", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:4.1.63-2.Final_redhat_00003.1.ep7.el7", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-netty", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:1.4.18-16.SP14_redhat_00001.1.ep7.el7", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:7.1.11-4.GA_redhat_00002.1.ep7.el7", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-wildfly", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:1.1.14-1.Final_redhat_00001.1.ep7.el7", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-wildfly-elytron", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:1.0.21-1.Final_redhat_00001.1.ep7.el7", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-wildfly-http-client", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:1.0.13-1.Final_redhat_00001.1.ep7.el7", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-wildfly-naming-client", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:1.0.12-1.Final_redhat_00001.1.ep7.el7", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-wildfly-openssl", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:1.0.12-6.Final_redhat_00001.1.ep7.el7", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-wildfly-openssl-linux", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:2.10.4-3.redhat_00006.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jackson-annotations", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:2.10.4-3.redhat_00006.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jackson-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:2.10.4-5.redhat_00006.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jackson-databind", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:2.10.4-3.redhat_00006.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jackson-jaxrs-providers", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:2.10.4-5.redhat_00006.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jackson-modules-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:2.10.4-2.redhat_00006.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jackson-modules-java8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:1.7.2-16.Final_redhat_00017.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-server-migration", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:4.1.63-5.Final_redhat_00003.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-netty", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:2.0.41-4.SP5_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:7.3.14-3.GA_redhat_00002.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-wildfly", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:1.10.17-1.Final_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-wildfly-elytron", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:quarkus:2"], "vendor": "Red Hat", "product": "Red Hat build of Quarkus", "packageName": "io.quarkus/quarkus-undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:jboss_data_grid:8"], "vendor": "Red Hat", "product": "Red Hat Data Grid 8", "packageName": "undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_brms_platform:7"], "vendor": "Red Hat", "product": "Red Hat Decision Manager 7", "packageName": "undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/a:redhat:jboss_fuse:7"], "vendor": "Red Hat", "product": "Red Hat Fuse 7", "packageName": "undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/a:redhat:jboss_data_grid:7"], "vendor": "Red Hat", "product": "Red Hat JBoss Data Grid 7", "packageName": "undertow", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "unknown"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7", "packageName": "undertow", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_fuse:6"], "vendor": "Red Hat", "product": "Red Hat JBoss Fuse 6", "packageName": "undertow", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "unknown"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"], "vendor": "Red Hat", "product": "Red Hat Process Automation 7", "packageName": "undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7"], "vendor": "Red Hat", "product": "Red Hat Single Sign-On 7", "packageName": "undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_application_runtimes:1.0"], "vendor": "Red Hat", "product": "Red Hat support for Spring Boot", "packageName": "undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2023-10-04T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-12-12T00:00:00+00:00", "value": "Made public."}], "datePublic": "2023-12-12T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:9582", "name": "RHSA-2025:9582", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:9583", "name": "RHSA-2025:9583", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-5379", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242099", "name": "RHBZ#2242099", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-11-07T10:51:59.956Z"}, "x_redhatCweChain": "CWE-400->CWE-770: Uncontrolled Resource Consumption leads to Allocation of Resources Without Limits or Throttling"}}, "cveMetadata": {"cveId": "CVE-2023-5379", "state": "PUBLISHED", "dateUpdated": "2025-11-07T10:51:59.956Z", "dateReserved": "2023-10-04T11:52:15.504Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2023-12-12T21:54:52.669Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*", "matchCriteriaId": "B8423D7F-3A8F-4AD8-BF51-245C9D8DD816", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "72A54BDA-311C-413B-8E4D-388AD65A170A", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:undertow:-:*:*:*:*:*:*:*", "matchCriteriaId": "8190B427-8350-43AE-8F54-6A40B701C95E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS)."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en Undertow. Cuando se env\u00eda una solicitud AJP que excede el atributo max-header-size en ajp-listener, mod_cluster marca JBoss EAP en estado de error en httpd, lo que hace que JBoss EAP cierre la conexi\u00f3n TCP sin devolver una respuesta AJP. Esto sucede porque mod_proxy_cluster marca la instancia de JBoss EAP como un trabajador de error cuando la conexi\u00f3n TCP se cierra desde el backend despu\u00e9s de enviar la solicitud AJP sin recibir una respuesta AJP y deja de reenviar. Este problema podr\u00eda permitir que un usuario malintencionado env\u00ede repetidamente solicitudes que superen el tama\u00f1o m\u00e1ximo del encabezado, provocando una Denegaci\u00f3n de Servicio (DoS)."}], "id": "CVE-2023-5379", "lastModified": "2025-10-25T01:15:42.677", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-12T22:15:22.410", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:9582"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:9583"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-5379"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242099"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:4509"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-5379"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242099"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:4509", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "product_name": "Red Hat JBoss Enterprise Application Platform 7", "release_date": "2023-08-07T00:00:00Z"}, {"advisory": "RHSA-2025:9582", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9582", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9582", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9582", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9582", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9582", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9582", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9582", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9582", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9582", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9582", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9582", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9583", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9583", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9583", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9583", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9583", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9583", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9583", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9583", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9583", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9583", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9583", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-06-25T00:00:00Z"}], "bugzilla": {"description": "undertow: AJP Request closes connection exceeding maxRequestSize", "id": "2242099", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242099"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-400->CWE-770", "details": ["A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).", "A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS)."], "name": "CVE-2023-5379", "package_state": [{"cpe": "cpe:/a:redhat:quarkus:2", "fix_state": "Not affected", "package_name": "io.quarkus/quarkus-undertow", "product_name": "Red Hat build of Quarkus"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Not affected", "package_name": "undertow", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Out of support scope", "package_name": "undertow", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Out of support scope", "package_name": "undertow", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Out of support scope", "package_name": "undertow", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Affected", "package_name": "undertow", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Out of support scope", "package_name": "undertow", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Out of support scope", "package_name": "undertow", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Will not fix", "package_name": "undertow", "product_name": "Red Hat Single Sign-On 7"}, {"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Not affected", "package_name": "undertow", "product_name": "Red Hat support for Spring Boot"}], "public_date": "2023-12-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-5379\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5379"], "statement": "Due to AJP packet size limitation by ProxyIOBufferSize (default: 8192, max: 65536) directive on httpd side, AJP packets larger than 64KB will not reach JBoss EAP. The default value of max-header-size in JBoss EAP 7 is 1048576 (1MiB), therefore, only JBoss EAP instances with max-header-size set to 64 KB or less may be affected by this issue.", "threat_severity": "Moderate"}