← volver
CVE-2023-1108

Undertow: infinite loop in sslconduit during close

CVSS 7.5 HIGHEPSS 1.8%CWE-835
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.5EPSS 1.8%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
14 sep 2023Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Productos afectados
io.undertow:undertow-coreRed Hat · EAP 7.4.10 releaseRed Hat · Red Hat build of QuarkusRed Hat · Red Hat Data Grid 8Red Hat · Red Hat Fuse 7.12Red Hat · Red Hat Integration Camel KRed Hat · Red Hat Integration Camel QuarkusRed Hat · Red Hat Integration Service RegistryRed Hat · Red Hat JBoss Data Grid 7Red Hat · Red Hat JBoss Enterprise Application Platform 7.1.0Red Hat · Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8Red Hat · Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9Red Hat · Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7Red Hat · Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat · Red Hat JBoss Fuse 6Red Hat · Red Hat OpenStack Platform 13 (Queens)Red Hat · Red Hat Single Sign-On 7Red Hat · Red Hat Single Sign-On 7.6 for RHEL 7Red Hat · Red Hat Single Sign-On 7.6 for RHEL 8Red Hat · Red Hat Single Sign-On 7.6 for RHEL 9Red Hat · Red Hat support for Spring Boot 2.7.13Red Hat · RHEL-8 based Middleware ContainersRed Hat · RHPAM 7.13.1 async

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://access.redhat.com/errata/RHSA-2023:1184https://access.redhat.com/errata/RHSA-2023:1185https://access.redhat.com/errata/RHSA-2023:1512https://access.redhat.com/errata/RHSA-2023:1513https://access.redhat.com/errata/RHSA-2023:1514https://access.redhat.com/errata/RHSA-2023:1516https://access.redhat.com/errata/RHSA-2023:2135https://access.redhat.com/errata/RHSA-2023:3883https://access.redhat.com/errata/RHSA-2023:3884https://access.redhat.com/errata/RHSA-2023:3885https://access.redhat.com/errata/RHSA-2023:3888https://access.redhat.com/errata/RHSA-2023:3892