Lucene search
RedhatVULNRICHMENT:CVE-2023-1108HistorySep 14, 2023 - 2:48 p.m.
CVE-2023-1108 Undertow: infinite loop in sslconduit during close
2023-09-1414:48:58
CWE-835
redhat
github.com
10
undertow
sslconduit
infinite loop
dos
cve-2023-1108
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
6.9
Confidence
High
EPSS
0.002
Percentile
59.2%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
CNA Affected
[
{
"versions": [
{
"status": "unaffected",
"version": "2.3.5"
},
{
"status": "unaffected",
"version": "2.2.24"
}
],
"packageName": "io.undertow:undertow-core",
"collectionURL": "https://github.com/undertow-io/undertow"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
],
"vendor": "Red Hat",
"product": "EAP 7.4.10 release",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"vendor": "Red Hat",
"product": "Red Hat Fuse 7.12",
"packageName": "undertow",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
],
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 7.1.0",
"packageName": "undertow",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
],
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
"versions": [
{
"status": "unaffected",
"version": "0:2.2.22-1.SP3_redhat_00002.1.el8eap",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "eap7-undertow",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
],
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
"versions": [
{
"status": "unaffected",
"version": "0:7.4.9-6.GA_redhat_00004.1.el8eap",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "eap7-wildfly",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
],
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
"versions": [
{
"status": "unaffected",
"version": "0:2.2.23-1.SP2_redhat_00001.1.el8eap",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "eap7-undertow",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
],
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
"versions": [
{
"status": "unaffected",
"version": "0:2.0.14-1.Final_redhat_00001.1.el8eap",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "eap7-undertow-jastow",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
],
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
"versions": [
{
"status": "unaffected",
"version": "0:2.2.22-1.SP3_redhat_00002.1.el9eap",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "eap7-undertow",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
],
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
"versions": [
{
"status": "unaffected",
"version": "0:7.4.9-6.GA_redhat_00004.1.el9eap",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "eap7-wildfly",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
],
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
"versions": [
{
"status": "unaffected",
"version": "0:2.2.23-1.SP2_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "eap7-undertow",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
],
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
"versions": [
{
"status": "unaffected",
"version": "0:2.0.14-1.Final_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "eap7-undertow-jastow",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
],
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
"versions": [
{
"status": "unaffected",
"version": "0:2.2.22-1.SP3_redhat_00002.1.el7eap",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "eap7-undertow",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
],
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
"versions": [
{
"status": "unaffected",
"version": "0:7.4.9-6.GA_redhat_00004.1.el7eap",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "eap7-wildfly",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
],
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
"versions": [
{
"status": "unaffected",
"version": "0:2.2.23-1.SP2_redhat_00001.1.el7eap",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "eap7-undertow",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
],
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
"versions": [
{
"status": "unaffected",
"version": "0:2.0.14-1.Final_redhat_00001.1.el7eap",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "eap7-undertow-jastow",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7.6.4"
],
"vendor": "Red Hat",
"product": "Red Hat Single Sign-On 7",
"packageName": "undertow",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
],
"vendor": "Red Hat",
"product": "Red Hat Single Sign-On 7.6 for RHEL 7",
"versions": [
{
"status": "unaffected",
"version": "0:18.0.8-1.redhat_00001.1.el7sso",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "rh-sso7-keycloak",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
],
"vendor": "Red Hat",
"product": "Red Hat Single Sign-On 7.6 for RHEL 8",
"versions": [
{
"status": "unaffected",
"version": "0:18.0.8-1.redhat_00001.1.el8sso",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "rh-sso7-keycloak",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
],
"vendor": "Red Hat",
"product": "Red Hat Single Sign-On 7.6 for RHEL 9",
"versions": [
{
"status": "unaffected",
"version": "0:18.0.8-1.redhat_00001.1.el9sso",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "rh-sso7-keycloak",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:openshift_application_runtimes:1.0"
],
"vendor": "Red Hat",
"product": "Red Hat support for Spring Boot 2.7.13",
"packageName": "undertow",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el8"
],
"vendor": "Red Hat",
"product": "RHEL-8 based Middleware Containers",
"versions": [
{
"status": "unaffected",
"version": "7.6-24",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "rh-sso-7/sso76-openshift-rhel8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13"
],
"vendor": "Red Hat",
"product": "RHPAM 7.13.1 async",
"packageName": "undertow",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:/a:redhat:quarkus:2"
],
"vendor": "Red Hat",
"product": "Red Hat build of Quarkus",
"packageName": "io.quarkus/quarkus-undertow",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"vendor": "Red Hat",
"product": "Red Hat Data Grid 8",
"packageName": "undertow",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:/a:redhat:integration:1"
],
"vendor": "Red Hat",
"product": "Red Hat Integration Camel K",
"packageName": "undertow",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:camel_quarkus:2"
],
"vendor": "Red Hat",
"product": "Red Hat Integration Camel Quarkus",
"packageName": "undertow",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:/a:redhat:service_registry:2"
],
"vendor": "Red Hat",
"product": "Red Hat Integration Service Registry",
"packageName": "undertow",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:jboss_data_grid:7"
],
"vendor": "Red Hat",
"product": "Red Hat JBoss Data Grid 7",
"packageName": "undertow",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"packageName": "undertow",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:jboss_fuse:6"
],
"vendor": "Red Hat",
"product": "Red Hat JBoss Fuse 6",
"packageName": "undertow",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:/a:redhat:openstack:13"
],
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 13 (Queens)",
"packageName": "undertow",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "affected"
}
]References
access.redhat.com/errata/RHSA-2023:1184
access.redhat.com/errata/RHSA-2023:1185
access.redhat.com/errata/RHSA-2023:1512
access.redhat.com/errata/RHSA-2023:1513
access.redhat.com/errata/RHSA-2023:1514
access.redhat.com/errata/RHSA-2023:1516
access.redhat.com/errata/RHSA-2023:2135
access.redhat.com/errata/RHSA-2023:3883
access.redhat.com/errata/RHSA-2023:3884
access.redhat.com/errata/RHSA-2023:3885
access.redhat.com/errata/RHSA-2023:3888
access.redhat.com/errata/RHSA-2023:3892
access.redhat.com/errata/RHSA-2023:3954
access.redhat.com/errata/RHSA-2023:4612
access.redhat.com/security/cve/CVE-2023-1108
bugzilla.redhat.com/show_bug.cgi?id=2174246
github.com/advisories/GHSA-m4mm-pg93-fv78
security.netapp.com/advisory/ntap-20231020-0002/
Related
osv
osv
Undertow denial of service vulnerability
2023-09-14 15:31:23
CVE-2023-1108
2023-09-14 15:15:08
github
github
Undertow denial of service vulnerability
2023-09-14 15:31:23
cvelist
cvelist
CVE-2023-1108 Undertow: infinite loop in sslconduit during close
2023-09-14 14:48:58
debiancve
debiancve
CVE-2023-1108
2023-09-14 15:15:08
redhat
redhat
nessus
nessus
ubuntucve
ubuntucve
CVE-2023-1108
2023-09-14 00:00:00
nvd
nvd
CVE-2023-1108
2023-09-14 15:15:08
redhatcve
redhatcve
CVE-2023-1108
2023-03-09 00:15:02
cve
cve
CVE-2023-1108
2023-09-14 15:15:08
veracode
veracode
Denial Of Service (DoS)
2023-03-24 00:48:03
prion
prion
Design/Logic Flaw
2023-09-14 15:15:00
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
6.9
Confidence
High
EPSS
0.002
Percentile
59.2%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2023-1108