๐Ÿ” CVE Alert

CVE-2023-1108

HIGH 7.5

Undertow: infinite loop in sslconduit during close

CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

CWE CWE-835
Published Sep 14, 2023
Last Updated Aug 2, 2024
Stay Ahead of the Next One

Get instant alerts for

Be the first to know when new high vulnerabilities are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Affected Versions

Red Hat / EAP 7.4.10 release
All versions affected
Red Hat / Red Hat Fuse 7.12
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 7.1.0
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
All versions affected
Red Hat / Red Hat Single Sign-On 7
All versions affected
Red Hat / Red Hat Single Sign-On 7.6 for RHEL 7
All versions affected
Red Hat / Red Hat Single Sign-On 7.6 for RHEL 8
All versions affected
Red Hat / Red Hat Single Sign-On 7.6 for RHEL 9
All versions affected
Red Hat / Red Hat support for Spring Boot 2.7.13
All versions affected
Red Hat / RHEL-8 based Middleware Containers
All versions affected
Red Hat / RHPAM 7.13.1 async
All versions affected
Red Hat / Red Hat build of Quarkus
All versions affected
Red Hat / Red Hat Data Grid 8
All versions affected
Red Hat / Red Hat Integration Camel K
All versions affected
Red Hat / Red Hat Integration Camel Quarkus
All versions affected
Red Hat / Red Hat Integration Service Registry
All versions affected
Red Hat / Red Hat JBoss Data Grid 7
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform Expansion Pack
All versions affected
Red Hat / Red Hat JBoss Fuse 6
All versions affected
Red Hat / Red Hat OpenStack Platform 13 (Queens)
All versions affected

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:1184 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:1185 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:1512 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:1513 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:1514 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:1516 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:2135 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:3883 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:3884 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:3885 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:3888 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:3892 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:3954 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:4612 access.redhat.com: https://access.redhat.com/security/cve/CVE-2023-1108 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2174246 github.com: https://github.com/advisories/GHSA-m4mm-pg93-fv78 security.netapp.com: https://security.netapp.com/advisory/ntap-20231020-0002/