CVE-2023-1108 Information

Description

A flaw was found in Undertow. An unexpected handshake status update in SslConduit can leave a loop that never terminates, which makes a denial of service possible.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://access.redhat.com/errata/RHSA-2023:3892
https://access.redhat.com/errata/RHSA-2023:1184
https://access.redhat.com/errata/RHSA-2023:1185
https://access.redhat.com/security/cve/CVE-2023-1108
https://bugzilla.redhat.com/show_bug.cgi?id=2174246
https://access.redhat.com/errata/RHSA-2023:1516
https://access.redhat.com/errata/RHSA-2023:3885
https://access.redhat.com/errata/RHSA-2023:3884
https://access.redhat.com/errata/RHSA-2023:3883
https://access.redhat.com/errata/RHSA-2023:1513
https://access.redhat.com/errata/RHSA-2023:1514
https://access.redhat.com/errata/RHSA-2023:3888
https://access.redhat.com/errata/RHSA-2023:3954
https://access.redhat.com/errata/RHSA-2023:1512
https://access.redhat.com/errata/RHSA-2023:4612

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

7.5

Base Severity

HIGH
