VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-h8wm-d2hd-z3a4

Essentials
Severities (61)
References (24)
Severity details (34)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-h8wm-d2hd-z3a4
Aliases	CVE-2023-1973 GHSA-97cq-f4jm-mv8h
Summary	Undertow Denial of Service vulnerability A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.
Status	Published
Exploitability	0.5
Weighted Severity	6.8
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-20	Improper Input Validation
CWE-400	Uncontrolled Resource Consumption
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2024:1674
generic_textual	MODERATE	https://access.redhat.com/errata/RHSA-2024:1674
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:1674
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2024:1675
generic_textual	MODERATE	https://access.redhat.com/errata/RHSA-2024:1675
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:1675
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2024:1676
generic_textual	MODERATE	https://access.redhat.com/errata/RHSA-2024:1676
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:1676
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2024:1677
generic_textual	MODERATE	https://access.redhat.com/errata/RHSA-2024:1677
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:1677
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2024:2763
generic_textual	MODERATE	https://access.redhat.com/errata/RHSA-2024:2763
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:2763
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2024:2764
generic_textual	MODERATE	https://access.redhat.com/errata/RHSA-2024:2764
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:2764
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1973.json
cvssv3.1	7.5	https://access.redhat.com/security/cve/CVE-2023-1973
generic_textual	MODERATE	https://access.redhat.com/security/cve/CVE-2023-1973
ssvc	Track	https://access.redhat.com/security/cve/CVE-2023-1973
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2023-1973
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2023-1973
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2023-1973
epss	0.00259	https://api.first.org/data/v1/epss?cve=CVE-2023-1973
epss	0.00259	https://api.first.org/data/v1/epss?cve=CVE-2023-1973
epss	0.00536	https://api.first.org/data/v1/epss?cve=CVE-2023-1973
epss	0.00536	https://api.first.org/data/v1/epss?cve=CVE-2023-1973
epss	0.00536	https://api.first.org/data/v1/epss?cve=CVE-2023-1973
epss	0.00536	https://api.first.org/data/v1/epss?cve=CVE-2023-1973
epss	0.00536	https://api.first.org/data/v1/epss?cve=CVE-2023-1973
epss	0.00536	https://api.first.org/data/v1/epss?cve=CVE-2023-1973
epss	0.00536	https://api.first.org/data/v1/epss?cve=CVE-2023-1973
epss	0.00536	https://api.first.org/data/v1/epss?cve=CVE-2023-1973
epss	0.00536	https://api.first.org/data/v1/epss?cve=CVE-2023-1973
epss	0.00652	https://api.first.org/data/v1/epss?cve=CVE-2023-1973
epss	0.00652	https://api.first.org/data/v1/epss?cve=CVE-2023-1973
epss	0.00652	https://api.first.org/data/v1/epss?cve=CVE-2023-1973
epss	0.00652	https://api.first.org/data/v1/epss?cve=CVE-2023-1973
epss	0.00652	https://api.first.org/data/v1/epss?cve=CVE-2023-1973
epss	0.00652	https://api.first.org/data/v1/epss?cve=CVE-2023-1973
epss	0.00652	https://api.first.org/data/v1/epss?cve=CVE-2023-1973
epss	0.00652	https://api.first.org/data/v1/epss?cve=CVE-2023-1973
epss	0.00652	https://api.first.org/data/v1/epss?cve=CVE-2023-1973
epss	0.00652	https://api.first.org/data/v1/epss?cve=CVE-2023-1973
epss	0.00652	https://api.first.org/data/v1/epss?cve=CVE-2023-1973
epss	0.00652	https://api.first.org/data/v1/epss?cve=CVE-2023-1973
epss	0.00652	https://api.first.org/data/v1/epss?cve=CVE-2023-1973
cvssv3.1	7.5	https://bugzilla.redhat.com/show_bug.cgi?id=2185662
generic_textual	MODERATE	https://bugzilla.redhat.com/show_bug.cgi?id=2185662
ssvc	Track	https://bugzilla.redhat.com/show_bug.cgi?id=2185662
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-97cq-f4jm-mv8h
cvssv3.1	7.5	https://github.com/undertow-io/undertow
generic_textual	MODERATE	https://github.com/undertow-io/undertow
cvssv3.1	7.5	https://github.com/undertow-io/undertow/commit/0410f3c4d9b39b754a2203a29834cac51da11258
generic_textual	MODERATE	https://github.com/undertow-io/undertow/commit/0410f3c4d9b39b754a2203a29834cac51da11258
cvssv3.1	7.5	https://github.com/undertow-io/undertow/commit/b289b18bc0ba40c134698a430c70ca1835c51d78
generic_textual	MODERATE	https://github.com/undertow-io/undertow/commit/b289b18bc0ba40c134698a430c70ca1835c51d78
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2023-1973
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2023-1973

Reference id	Reference type	URL
		https://access.redhat.com/errata/RHSA-2024:1674
		https://access.redhat.com/errata/RHSA-2024:1675
		https://access.redhat.com/errata/RHSA-2024:1676
		https://access.redhat.com/errata/RHSA-2024:1677
		https://access.redhat.com/errata/RHSA-2024:2763
		https://access.redhat.com/errata/RHSA-2024:2764
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1973.json
		https://access.redhat.com/security/cve/CVE-2023-1973
		https://api.first.org/data/v1/epss?cve=CVE-2023-1973
		https://bugzilla.redhat.com/show_bug.cgi?id=2185662
		https://github.com/undertow-io/undertow
		https://github.com/undertow-io/undertow/commit/0410f3c4d9b39b754a2203a29834cac51da11258
		https://github.com/undertow-io/undertow/commit/b289b18bc0ba40c134698a430c70ca1835c51d78
		https://nvd.nist.gov/vuln/detail/CVE-2023-1973
1068815		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068815
cpe:/a:redhat:jboss_enterprise_application_platform:7.4		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
cpe:/a:redhat:jboss_enterprise_application_platform:8.0		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
GHSA-97cq-f4jm-mv8h		https://github.com/advisories/GHSA-97cq-f4jm-mv8h
RHSA-2025:9583		https://access.redhat.com/errata/RHSA-2025:9583

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:1674

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/ Found at https://access.redhat.com/errata/RHSA-2024:1674

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:1675

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/ Found at https://access.redhat.com/errata/RHSA-2024:1675

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:1676

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/ Found at https://access.redhat.com/errata/RHSA-2024:1676

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:1677

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/ Found at https://access.redhat.com/errata/RHSA-2024:1677

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:2763

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/ Found at https://access.redhat.com/errata/RHSA-2024:2763

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:2764

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/ Found at https://access.redhat.com/errata/RHSA-2024:2764

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1973.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/security/cve/CVE-2023-1973

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/ Found at https://access.redhat.com/security/cve/CVE-2023-1973

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2185662

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2185662

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/undertow-io/undertow

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/undertow-io/undertow/commit/0410f3c4d9b39b754a2203a29834cac51da11258

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/undertow-io/undertow/commit/b289b18bc0ba40c134698a430c70ca1835c51d78

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-1973

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.44618
EPSS Score	0.00218
Published At	Aug. 3, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:33:55.830867+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-97cq-f4jm-mv8h/GHSA-97cq-f4jm-mv8h.json	37.0.0