漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Undertow: undertow: denial of service due to premature multipart/form-data parsing in get requests
Vulnerability Description
A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like `getParameterMap()`, the server prematurely parses and stores this content to disk. This could lead to resource exhaustion, potentially resulting in a Denial of Service (DoS).
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
Undertow 安全漏洞
Vulnerability Description
Undertow是美国Undertow公司的一个Web服务器。 Undertow存在安全漏洞,该漏洞源于处理包含multipart/form-data内容的HTTP GET请求时可能过早解析和存储内容,可能导致资源耗尽和拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A