Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-1108

Published: 14/09/2023 Updated: 16/11/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Redhat

Vulnerability Summary

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

Vulnerable Product Search on Vulmon Subscribe to Product

redhat decision manager 7.0

redhat single sign-on -

redhat process automation 7.0

redhat openstack platform 13.0

redhat jboss enterprise application platform -

redhat openshift application runtimes -

redhat build of quarkus -

redhat integration service registry -

redhat integration camel k -

redhat jboss enterprise application platform expansion pack -

redhat fuse 1.0.0

redhat undertow

redhat openshift_container_platform 4.11

redhat openshift_container_platform 4.12

redhat openshift_container_platform_for_linuxone 4.9

redhat openshift_container_platform_for_linuxone 4.10

redhat openshift_container_platform_for_power 4.9

redhat openshift_container_platform_for_power 4.10

redhat jboss_enterprise_application_platform 7.4

redhat single_sign-on 7.6

netapp oncommand workflow automation -

Vendor Advisories

Debian CVElist Bug Report Logs: undertow: CVE-2023-1108
Debian Bug report logs - #1033253 undertow: CVE-2023-1108 Package: src:undertow; Maintainer for src:undertow is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Mon, 20 Mar 2023 19:09:07 UTC Severity: important Tags: security, upstream ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4 security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 74 security update Type/Severity Security Advisory: Important Topic A security update is now available for Red Hat JBoss Enterprise Application Platform 74Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Red Hat: Important: Red Hat Single Sign-On 7.6.4 for OpenShift image security enhancement update
Synopsis Important: Red Hat Single Sign-On 764 for OpenShift image security enhancement update Type/Severity Security Advisory: Important Topic A new image is available for Red Hat Single Sign-On 764, running on OpenShift Container Platform 310 and 311, and 4120Red Hat Product Security has rated this update as having a security impac ...
Red Hat: Important: Red Hat Single Sign-On 7.6.4 security update on RHEL 9
Synopsis Important: Red Hat Single Sign-On 764 security update on RHEL 9 Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic New Red Hat Single Sign-On 764 packages are now available for Red Hat Enterprise Linux 9Red Hat ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.10 security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 7410 security update Type/Severity Security Advisory: Important Topic A security update is now available for Red Hat JBoss Enterprise Application Platform 74Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scori ...
Red Hat: Important: Red Hat support for Spring Boot 2.7.13 security update
Synopsis Important: Red Hat support for Spring Boot 2713 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenShift Application RuntimesRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, whic ...
Red Hat: Critical: Red Hat Fuse 7.12 release and security update
Synopsis Critical: Red Hat Fuse 712 release and security update Type/Severity Security Advisory: Critical Topic A minor version update (from 711 to 712) is now available for Red Hat Fuse The purpose of this text-only errata is to inform you about the security issues fixed in this releaseRed Hat Product Security has rated this update as h ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 9 security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 7410 on RHEL 9 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic A security update is now available for Red Hat JBoss Enterprise Applicatio ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 8 security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 7410 on RHEL 8 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic A security update is now available for Red Hat JBoss Enterprise Applicatio ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 7 security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 7410 on RHEL 7 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic A security update is now available for Red Hat JBoss Enterprise Applicatio ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4 security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 74 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic A security update is now available for Red Hat JBoss Enterprise Application Platform 7 ...
Red Hat: Important: Red Hat Single Sign-On 7.6.4 security update on RHEL 8
Synopsis Important: Red Hat Single Sign-On 764 security update on RHEL 8 Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic New Red Hat Single Sign-On 764 packages are now available for Red Hat Enterprise Linux 8Red Hat ...
Red Hat: Important: Red Hat Single Sign-On 7.6.4 security update on RHEL 7
Synopsis Important: Red Hat Single Sign-On 764 security update on RHEL 7 Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic New Red Hat Single Sign-On 764 packages are now available for Red Hat Enterprise Linux 7Red Hat ...
Red Hat: Important: Red Hat Process Automation Manager 7.13.3 security update
Synopsis Important: Red Hat Process Automation Manager 7133 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat Process Automation ManagerRed Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, which ...
Red Hat: Important: Red Hat Single Sign-On 7.6.4 security update
Synopsis Important: Red Hat Single Sign-On 764 security update Type/Severity Security Advisory: Important Topic A security update is now available for Red Hat Single Sign-On 76 from the Customer PortalRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base ...

References

CWE-835https://access.redhat.com/errata/RHSA-2023:3892https://access.redhat.com/errata/RHSA-2023:1184https://access.redhat.com/errata/RHSA-2023:1185https://access.redhat.com/security/cve/CVE-2023-1108https://bugzilla.redhat.com/show_bug.cgi?id=2174246https://access.redhat.com/errata/RHSA-2023:1516https://access.redhat.com/errata/RHSA-2023:3885https://access.redhat.com/errata/RHSA-2023:3884https://access.redhat.com/errata/RHSA-2023:3883https://access.redhat.com/errata/RHSA-2023:1513https://access.redhat.com/errata/RHSA-2023:1514https://access.redhat.com/errata/RHSA-2023:3888https://access.redhat.com/errata/RHSA-2023:3954https://access.redhat.com/errata/RHSA-2023:1512https://access.redhat.com/errata/RHSA-2023:4612https://security.netapp.com/advisory/ntap-20231020-0002/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033253https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook