CVE-2023-3171
PUBLISHED
A vulnerability exists in Red Hat JBoss Enterprise Application Platform. The flaw is in the EAP-7 component and occurs during deserialization of certain classes, which makes it possible to submit malicious requests and exhaust the heap. A remote, anonymous attacker can exploit this vulnerability to cause a denial-of-service condition.
Risk Scores
- EPSS Score: 0.18% (39.4th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat JBoss Enterprise Application Platform | <7.3.11 |
| Red Hat | Red Hat JBoss Enterprise Application Platform | <7.4.13 |
| Red Hat | Red Hat JBoss Enterprise Application Platform | <7.1.8 |
Exploit Intelligence
- CIRCL seen: CVE-2023-3171 (circl-sighting)
- RHSA-2023:5484 (circl)
- RHSA-2023:5485 (circl)
- RHSA-2023:5486 (circl)
- RHSA-2023:5488 (circl)
- https://access.redhat.com/security/cve/CVE-2023-3171 (circl)
- RHBZ#2213639 (circl)
Timeline
- Dec 27, 2023 CVE Published
- Dec 27, 2023 PoC Published
- Dec 28, 2023 EPSS Score
- Jan 26, 2024 EPSS Score
- Feb 24, 2024 EPSS Score
- Mar 23, 2024 EPSS Score
- Apr 21, 2024 EPSS Score
- Jun 18, 2024 EPSS Score
- Jul 16, 2024 EPSS Score
- Aug 2, 2024 CVE Updated
- Aug 14, 2024 EPSS Score
- Sep 12, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3224.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3224 advisory
- https://github.com/advisories/GHSA-gpgq-5q34-mh72 advisory
- https://access.redhat.com/security/cve/CVE-2023-3171 advisory
- https://access.redhat.com/errata/RHSA-2023:5488 advisory
- https://access.redhat.com/errata/RHSA-2024:10208 advisory
- https://access.redhat.com/errata/RHSA-2024:10207 advisory