CVE-2023-1973
📋 TL;DR
This vulnerability in Undertow's FormAuthenticationMechanism allows attackers to cause denial of service by sending specially crafted requests that trigger out-of-memory errors. It affects systems using Undertow with form authentication enabled. The flaw can exhaust server memory, making services unavailable.
💻 Affected Systems
- Undertow
- Red Hat JBoss EAP
- Red Hat JBoss Web Server
- Red Hat Single Sign-On
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete server unavailability due to memory exhaustion, requiring restart and potentially causing extended downtime.
Likely Case
Service disruption affecting availability of web applications using form authentication.
If Mitigated
Minimal impact with proper memory limits and monitoring in place.
🎯 Exploit Status
Crafted requests can be sent without authentication to vulnerable endpoints.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Undertow 2.3.10.Final or later, and corresponding Red Hat product updates
Vendor Advisory: https://access.redhat.com/errata/RHSA-2024:1674
Restart Required: Yes
Instructions:
1. Identify affected Undertow or Red Hat product installations.
2. Apply vendor-provided patches.
3. Restart affected services.
4. Verify patch application.
🔧 Temporary Workarounds
Disable Form Authentication
Temporarily disable FormAuthenticationMechanism if it is not required
Modify undertow subsystem configuration to use alternative authentication mechanisms
Implement Request Limits
Configure request size limits and connection throttling
Set max-post-size and other request limits in Undertow configuration
🧯 If You Can't Patch
- Implement WAF rules to block suspicious form authentication requests
- Monitor memory usage and set up alerts for abnormal patterns
🔍 How to Verify
Check if Vulnerable:
Check the Undertow version and verify whether FormAuthenticationMechanism is enabled in the configuration
Check Version:
java -jar undertow-core.jar --version or check application server version
Verify Fix Applied:
Confirm Undertow version is 2.3.10.Final or later, or corresponding Red Hat product patch level
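The two configuration checks above (is form authentication enabled, and is a request body limit set on the listener) as a small offline audit script. This is an added example, not code from the advisory or from the Undertow project. It assumes a Servlet-style `web.xml` where `<auth-method>FORM</auth-method>` selects form authentication and a WildFly/JBoss EAP `standalone.xml` whose undertow subsystem listeners carry a `max-post-size` attribute; both XML fragments are constructed samples, and the 1 MiB acceptable limit is a placeholder to tune for your application.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml fragment (sample data, not from any real deployment):
# a deployment that uses FORM authentication, i.e. FormAuthenticationMechanism.
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.html</form-login-page>
      <form-error-page>/error.html</form-error-page>
    </form-login-config>
  </login-config>
</web-app>
"""

# Constructed undertow subsystem fragment from a standalone.xml (sample data):
# the first listener has no max-post-size (weak: server default applies),
# the second carries an explicit 1 MiB limit (corrected).
STANDALONE_XML = """<subsystem xmlns="urn:jboss:domain:undertow:12.0">
  <server name="default-server">
    <http-listener name="default" socket-binding="http"/>
    <https-listener name="https" socket-binding="https" max-post-size="1048576"/>
  </server>
</subsystem>
"""

LISTENER_TAGS = ("http-listener", "https-listener", "ajp-listener")


def _local(tag: str) -> str:
    """Strip the XML namespace so tags can be compared by local name."""
    return tag.rsplit("}", 1)[-1]


def uses_form_auth(web_xml: str) -> bool:
    """True if any <auth-method> in the descriptor selects FORM authentication."""
    root = ET.fromstring(web_xml)
    for el in root.iter():
        if _local(el.tag) == "auth-method" and (el.text or "").strip().upper() == "FORM":
            return True
    return False


def listener_post_limits(standalone_xml: str) -> dict:
    """Map listener name -> max-post-size in bytes, or None when the attribute is absent."""
    root = ET.fromstring(standalone_xml)
    limits = {}
    for el in root.iter():
        if _local(el.tag) in LISTENER_TAGS:
            raw = el.get("max-post-size")
            limits[el.get("name")] = int(raw) if raw is not None else None
    return limits


def audit(web_xml: str, standalone_xml: str, max_ok: int = 1_048_576) -> list:
    """Return human-readable findings; an empty list means nothing to flag."""
    findings = []
    if uses_form_auth(web_xml):
        findings.append("FORM authentication enabled (FormAuthenticationMechanism in use)")
    for name, limit in listener_post_limits(standalone_xml).items():
        if limit is None:
            findings.append(f"listener {name}: max-post-size not set, server default applies")
        elif limit > max_ok:
            findings.append(f"listener {name}: max-post-size {limit} exceeds {max_ok}")
    return findings


if __name__ == "__main__":
    for finding in audit(WEB_XML, STANDALONE_XML):
        print("FINDING:", finding)
```

Point the script at real descriptors by replacing the two constructed strings with file contents; on a patched server the form-auth finding is informational, while an unset `max-post-size` on a listener that fronts a form login is the one to act on regardless of patch level.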
📡 Detection & Monitoring
Log Indicators:
- OutOfMemoryError in logs
- Abnormally high memory usage patterns
- Multiple failed authentication attempts
Network Indicators:
- Unusually large POST requests to authentication endpoints
- High volume of requests to form login pages
SIEM Query:
source="application.logs" AND ("OutOfMemoryError" OR "java.lang.OutOfMemoryError") AND "undertow"
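The log and network indicators above, together with the SIEM query, as a small offline detector that can be run over exported log files. This is an added example, not part of the advisory. All log lines are constructed samples; the access-log format is common log format with the request body size appended as a final field (an assumption about how your listener is configured to log), `j_security_check` is the standard Servlet form-login action URL, and the 1 MB size threshold is a placeholder to tune.

```python
import re
from collections import Counter

# Constructed application log lines (sample data, not from any real system).
APP_LOG = """\
2024-04-02 10:15:01,112 INFO  [io.undertow] (MSC service thread 1-2) Undertow HTTP listener default listening on 0.0.0.0:8080
2024-04-02 10:17:44,903 WARN  [org.jboss.security] (default task-3) Login failure for user admin
2024-04-02 10:17:45,210 ERROR [io.undertow.request] (default task-5) Exception handling request to /app/j_security_check: java.lang.OutOfMemoryError: Java heap space
2024-04-02 10:17:46,001 INFO  [org.hibernate] (default task-7) Hibernate Core {5.3.20.Final}
"""

# Constructed access log lines (sample data): common log format plus a trailing
# request-body-size field, which is an assumption about the listener's log pattern.
ACCESS_LOG = """\
203.0.113.7 - - [02/Apr/2024:10:17:40 +0000] "POST /app/j_security_check HTTP/1.1" 200 512 12
203.0.113.7 - - [02/Apr/2024:10:17:41 +0000] "POST /app/j_security_check HTTP/1.1" 200 512 12
203.0.113.7 - - [02/Apr/2024:10:17:44 +0000] "POST /app/j_security_check HTTP/1.1" 500 0 209715200
198.51.100.4 - - [02/Apr/2024:10:17:45 +0000] "GET /app/login.html HTTP/1.1" 200 2048 0
"""

# Same terms as the SIEM query: OutOfMemoryError AND undertow on one line.
OOM_RE = re.compile(r"OutOfMemoryError")
UNDERTOW_RE = re.compile(r"undertow", re.IGNORECASE)
LOGIN_FAILURE_RE = re.compile(r"Login failure", re.IGNORECASE)

ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]+" '
    r'(?P<status>\d{3}) (?P<resp_bytes>\S+) (?P<req_bytes>\d+)$'
)

# Path fragments that identify form-login endpoints (assumption; extend per application).
LOGIN_MARKERS = ("j_security_check", "login")


def find_oom_events(log_text: str) -> list:
    """Log indicator: lines that mention both OutOfMemoryError and undertow."""
    return [
        line for line in log_text.splitlines()
        if OOM_RE.search(line) and UNDERTOW_RE.search(line)
    ]


def failed_login_count(log_text: str) -> int:
    """Log indicator: number of failed authentication attempts."""
    return sum(1 for line in log_text.splitlines() if LOGIN_FAILURE_RE.search(line))


def parse_access_log(text: str):
    """Yield one dict per well-formed access log line; malformed lines are skipped."""
    for line in text.splitlines():
        m = ACCESS_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["req_bytes"] = int(rec["req_bytes"])
            yield rec


def is_login_path(path: str) -> bool:
    return any(marker in path for marker in LOGIN_MARKERS)


def large_login_posts(text: str, threshold: int = 1_000_000) -> list:
    """Network indicator: POSTs to login endpoints with a body larger than threshold bytes."""
    return [
        r for r in parse_access_log(text)
        if r["method"] == "POST" and is_login_path(r["path"]) and r["req_bytes"] > threshold
    ]


def login_request_counts(text: str) -> Counter:
    """Network indicator: requests to form-login pages per source IP, for volume alerting."""
    return Counter(r["ip"] for r in parse_access_log(text) if is_login_path(r["path"]))


if __name__ == "__main__":
    for line in find_oom_events(APP_LOG):
        print("OOM:", line)
    print("failed logins:", failed_login_count(APP_LOG))
    for rec in large_login_posts(ACCESS_LOG):
        print("large login POST:", rec["ip"], rec["path"], rec["req_bytes"])
    print("login requests per IP:", dict(login_request_counts(ACCESS_LOG)))
```

The `find_oom_events` function is the literal equivalent of the SIEM query; the access-log functions add the two network indicators so that a size spike on the login endpoint can be correlated with the OutOfMemoryError that follows it, which is the sequence worth alerting on.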
🔗 References
- https://access.redhat.com/errata/RHSA-2024:1674
- https://access.redhat.com/errata/RHSA-2024:1675
- https://access.redhat.com/errata/RHSA-2024:1676
- https://access.redhat.com/errata/RHSA-2024:1677
- https://access.redhat.com/errata/RHSA-2024:2763
- https://access.redhat.com/errata/RHSA-2024:2764
- https://access.redhat.com/security/cve/CVE-2023-1973
- https://bugzilla.redhat.com/show_bug.cgi?id=2185662