← back
CVE-2023-1108

Undertow: infinite loop in sslconduit during close

CVSS 7.5 HIGHEPSS 1.8%CWE-835
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5EPSS 1.8%KEV nãoPoC Patch referenciado
Lifecycle
14 Sep 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
io.undertow:undertow-coreRed Hat · EAP 7.4.10 releaseRed Hat · Red Hat build of QuarkusRed Hat · Red Hat Data Grid 8Red Hat · Red Hat Fuse 7.12Red Hat · Red Hat Integration Camel KRed Hat · Red Hat Integration Camel QuarkusRed Hat · Red Hat Integration Service RegistryRed Hat · Red Hat JBoss Data Grid 7Red Hat · Red Hat JBoss Enterprise Application Platform 7.1.0Red Hat · Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8Red Hat · Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9Red Hat · Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7Red Hat · Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat · Red Hat JBoss Fuse 6Red Hat · Red Hat OpenStack Platform 13 (Queens)Red Hat · Red Hat Single Sign-On 7Red Hat · Red Hat Single Sign-On 7.6 for RHEL 7Red Hat · Red Hat Single Sign-On 7.6 for RHEL 8Red Hat · Red Hat Single Sign-On 7.6 for RHEL 9Red Hat · Red Hat support for Spring Boot 2.7.13Red Hat · RHEL-8 based Middleware ContainersRed Hat · RHPAM 7.13.1 async

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/errata/RHSA-2023:1184https://access.redhat.com/errata/RHSA-2023:1185https://access.redhat.com/errata/RHSA-2023:1512https://access.redhat.com/errata/RHSA-2023:1513https://access.redhat.com/errata/RHSA-2023:1514https://access.redhat.com/errata/RHSA-2023:1516https://access.redhat.com/errata/RHSA-2023:2135https://access.redhat.com/errata/RHSA-2023:3883https://access.redhat.com/errata/RHSA-2023:3884https://access.redhat.com/errata/RHSA-2023:3885https://access.redhat.com/errata/RHSA-2023:3888https://access.redhat.com/errata/RHSA-2023:3892