CVE-2023-5379
Undertow: ajp request closes connection exceeding maxrequestsize
CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th
A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).
| CWE | CWE-770 |
| Vendor | red hat |
| Product | red hat jboss enterprise application platform 7.1 eus for rhel 7 |
| Published | Dec 12, 2023 |
| Last Updated | Feb 25, 2026 |
Stay Ahead of the Next One
Get instant alerts for red hat red hat jboss enterprise application platform 7.1 eus for rhel 7
Be the first to know when new high vulnerabilities affecting red hat red hat jboss enterprise application platform 7.1 eus for rhel 7 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected Versions
Red Hat / Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
All versions affected Red Hat / Red Hat build of Quarkus
All versions affected Red Hat / Red Hat Data Grid 8
All versions affected Red Hat / Red Hat Decision Manager 7
All versions affected Red Hat / Red Hat Fuse 7
All versions affected Red Hat / Red Hat JBoss Data Grid 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7
All versions affected Red Hat / Red Hat JBoss Fuse 6
All versions affected Red Hat / Red Hat Process Automation 7
All versions affected Red Hat / Red Hat Single Sign-On 7
All versions affected Red Hat / Red Hat support for Spring Boot
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:9582 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:9583 access.redhat.com: https://access.redhat.com/security/cve/CVE-2023-5379 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2242099 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:4509