CVE-2023-1108
Undertow: infinite loop in sslconduit during close
A flaw was found in Undertow. An unexpected handshake status update in SslConduit can leave a loop that never terminates, which makes a denial of service possible.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
io.undertow:undertow-core
Red Hat · EAP 7.4.10 release
Red Hat · Red Hat build of Quarkus
Red Hat · Red Hat Data Grid 8
Red Hat · Red Hat Fuse 7.12
Red Hat · Red Hat Integration Camel K
Red Hat · Red Hat Integration Camel Quarkus
Red Hat · Red Hat Integration Service Registry
Red Hat · Red Hat JBoss Data Grid 7
Red Hat · Red Hat JBoss Enterprise Application Platform 7.1.0
Red Hat · Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
Red Hat · Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
Red Hat · Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
Red Hat · Red Hat JBoss Enterprise Application Platform Expansion Pack
Red Hat · Red Hat JBoss Fuse 6
Red Hat · Red Hat OpenStack Platform 13 (Queens)
Red Hat · Red Hat Single Sign-On 7
Red Hat · Red Hat Single Sign-On 7.6 for RHEL 7
Red Hat · Red Hat Single Sign-On 7.6 for RHEL 8
Red Hat · Red Hat Single Sign-On 7.6 for RHEL 9
Red Hat · Red Hat support for Spring Boot 2.7.13
Red Hat · RHEL-8 based Middleware Containers
Red Hat · RHPAM 7.13.1 async
References
https://access.redhat.com/errata/RHSA-2023:1184
https://access.redhat.com/errata/RHSA-2023:1185
https://access.redhat.com/errata/RHSA-2023:1512
https://access.redhat.com/errata/RHSA-2023:1513
https://access.redhat.com/errata/RHSA-2023:1514
https://access.redhat.com/errata/RHSA-2023:1516
https://access.redhat.com/errata/RHSA-2023:2135
https://access.redhat.com/errata/RHSA-2023:3883
https://access.redhat.com/errata/RHSA-2023:3884
https://access.redhat.com/errata/RHSA-2023:3885
https://access.redhat.com/errata/RHSA-2023:3888
https://access.redhat.com/errata/RHSA-2023:3892