HIGH 7.5 Maven
Undertow denial of service vulnerability
GHSA-m4mm-pg93-fv78 · CVE-2023-1108
Published · Modified
Description
A flaw was found in Undertow. An unexpected handshake status update in SslConduit can leave a loop that never terminates, which makes a denial of service possible.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-1108
- WEB https://github.com/undertow-io/undertow/pull/1457
- WEB https://github.com/undertow-io/undertow/commit/ccc053b55f5de9872bc1a4999fd6aa85fc5e146d
- WEB https://github.com/undertow-io/undertow/commit/1b763064a41a30583b5df9a118898513007a70be
- WEB https://github.com/undertow-io/undertow/commit/1302c8cf4476936802504efe0d36c58dcd954f78
- WEB https://security.netapp.com/advisory/ntap-20231020-0002
- PACKAGE https://github.com/undertow-io/undertow
- ADVISORY https://github.com/advisories/GHSA-m4mm-pg93-fv78
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=2174246
- WEB https://access.redhat.com/security/cve/CVE-2023-1108
- WEB https://access.redhat.com/errata/RHSA-2023:4612
- WEB https://access.redhat.com/errata/RHSA-2023:3954
- WEB https://access.redhat.com/errata/RHSA-2023:3892
- WEB https://access.redhat.com/errata/RHSA-2023:3888
- WEB https://access.redhat.com/errata/RHSA-2023:3885
- WEB https://access.redhat.com/errata/RHSA-2023:3884
- WEB https://access.redhat.com/errata/RHSA-2023:3883
- WEB https://access.redhat.com/errata/RHSA-2023:2135
- WEB https://access.redhat.com/errata/RHSA-2023:1516
- WEB https://access.redhat.com/errata/RHSA-2023:1514
- WEB https://access.redhat.com/errata/RHSA-2023:1513
- WEB https://access.redhat.com/errata/RHSA-2023:1512
- WEB https://access.redhat.com/errata/RHSA-2023:1185
- WEB https://access.redhat.com/errata/RHSA-2023:1184