CVE-2023-1108

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:fuse:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:text-only:*:*:*
cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*
cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*
OR cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:a:redhat:single_sign-on:7.6:*:*:*:*:*:*:*
OR cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*

History

03 May 2024, 16:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:2135 -
  • () https://github.com/advisories/GHSA-m4mm-pg93-fv78 -

16 Nov 2023, 00:46

Type Values Removed Values Added
References (MISC) https://security.netapp.com/advisory/ntap-20231020-0002/ - (MISC) https://security.netapp.com/advisory/ntap-20231020-0002/ - Third Party Advisory
First Time Netapp
Netapp oncommand Workflow Automation
CPE cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*

20 Oct 2023, 15:15

Type Values Removed Values Added
References
  • (MISC) https://security.netapp.com/advisory/ntap-20231020-0002/ -

20 Sep 2023, 20:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CWE CWE-835
First Time Redhat integration Camel K
Redhat openshift Container Platform
Redhat openshift Container Platform For Linuxone
Redhat decision Manager
Redhat jboss Enterprise Application Platform
Redhat openshift Application Runtimes
Redhat process Automation
Redhat
Redhat enterprise Linux
Redhat jboss Enterprise Application Platform Expansion Pack
Redhat build Of Quarkus
Redhat integration Service Registry
Redhat single Sign-on
Redhat undertow
Redhat openstack Platform
Redhat fuse
Redhat openshift Container Platform For Power
References (MISC) https://access.redhat.com/errata/RHSA-2023:1513 - (MISC) https://access.redhat.com/errata/RHSA-2023:1513 - Vendor Advisory
References (MISC) https://access.redhat.com/errata/RHSA-2023:3883 - (MISC) https://access.redhat.com/errata/RHSA-2023:3883 - Vendor Advisory
References (MISC) https://access.redhat.com/errata/RHSA-2023:1512 - (MISC) https://access.redhat.com/errata/RHSA-2023:1512 - Vendor Advisory
References (MISC) https://access.redhat.com/errata/RHSA-2023:1516 - (MISC) https://access.redhat.com/errata/RHSA-2023:1516 - Vendor Advisory
References (MISC) https://access.redhat.com/errata/RHSA-2023:1185 - (MISC) https://access.redhat.com/errata/RHSA-2023:1185 - Vendor Advisory
References (MISC) https://access.redhat.com/errata/RHSA-2023:3888 - (MISC) https://access.redhat.com/errata/RHSA-2023:3888 - Vendor Advisory
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2174246 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2174246 - Issue Tracking
References (MISC) https://access.redhat.com/security/cve/CVE-2023-1108 - (MISC) https://access.redhat.com/security/cve/CVE-2023-1108 - Vendor Advisory
References (MISC) https://access.redhat.com/errata/RHSA-2023:1514 - (MISC) https://access.redhat.com/errata/RHSA-2023:1514 - Vendor Advisory
References (MISC) https://access.redhat.com/errata/RHSA-2023:3884 - (MISC) https://access.redhat.com/errata/RHSA-2023:3884 - Vendor Advisory
References (MISC) https://access.redhat.com/errata/RHSA-2023:1184 - (MISC) https://access.redhat.com/errata/RHSA-2023:1184 - Vendor Advisory
References (MISC) https://access.redhat.com/errata/RHSA-2023:3954 - (MISC) https://access.redhat.com/errata/RHSA-2023:3954 - Vendor Advisory
References (MISC) https://access.redhat.com/errata/RHSA-2023:3892 - (MISC) https://access.redhat.com/errata/RHSA-2023:3892 - Vendor Advisory
References (MISC) https://access.redhat.com/errata/RHSA-2023:4612 - (MISC) https://access.redhat.com/errata/RHSA-2023:4612 - Vendor Advisory
References (MISC) https://access.redhat.com/errata/RHSA-2023:3885 - (MISC) https://access.redhat.com/errata/RHSA-2023:3885 - Vendor Advisory
CPE cpe:2.3:a:redhat:fuse:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*
cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:text-only:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.9:*:*:*:*:*:*:*

14 Sep 2023, 18:32

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-14 15:15

Updated : 2024-05-03 16:15


NVD link : CVE-2023-1108

Mitre link : CVE-2023-1108

CVE.ORG link : CVE-2023-1108


JSON object : View

Products Affected

redhat

  • single_sign-on
  • openshift_container_platform
  • undertow
  • process_automation
  • integration_camel_k
  • fuse
  • integration_service_registry
  • build_of_quarkus
  • jboss_enterprise_application_platform_expansion_pack
  • openstack_platform
  • openshift_container_platform_for_linuxone
  • jboss_enterprise_application_platform
  • openshift_container_platform_for_power
  • openshift_application_runtimes
  • enterprise_linux
  • decision_manager

netapp

  • oncommand_workflow_automation
CWE
CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')