A flaw was found in Undertow. An unexpected handshake status update in SslConduit can cause a loop that never terminates, making a denial of service possible.
History
16 Nov 2023, 00:46
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* | |
References | (MISC) https://security.netapp.com/advisory/ntap-20231020-0002/ - Third Party Advisory | |
First Time | Netapp; Netapp oncommand Workflow Automation | |
20 Oct 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Sep 2023, 20:16
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown v3 : 7.5 |
First Time | Redhat openshift Application Runtimes; Redhat build Of Quarkus; Redhat decision Manager; Redhat fuse; Redhat integration Camel K; Redhat openstack Platform; Redhat single Sign-on; Redhat undertow; Redhat integration Service Registry; Redhat jboss Enterprise Application Platform; Redhat; Redhat process Automation; Redhat jboss Enterprise Application Platform Expansion Pack; Redhat openshift Container Platform For Linuxone; Redhat enterprise Linux; Redhat openshift Container Platform; Redhat openshift Container Platform For Power | |
CPE | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.10:*:*:*:*:*:*:* cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:* cpe:2.3:a:redhat:single_sign-on:7.6:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:* cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:* cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:text-only:*:*:* cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:fuse:1.0.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.9:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:* cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:*:*:*:*:*:*:* |
CWE | CWE-835 | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2023-1108 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:3885 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:4612 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:3883 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:3954 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:1184 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:1516 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:1513 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:3888 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:1514 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:1185 - Vendor Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2174246 - Issue Tracking | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:1512 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:3884 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:3892 - Vendor Advisory |
14 Sep 2023, 18:32
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-14 15:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-1108
Mitre link : CVE-2023-1108
CVE.ORG link : CVE-2023-1108
Products Affected
netapp
- oncommand_workflow_automation
redhat
- undertow
- jboss_enterprise_application_platform
- openshift_application_runtimes
- integration_camel_k
- openstack_platform
- decision_manager
- openshift_container_platform_for_linuxone
- process_automation
- single_sign-on
- integration_service_registry
- openshift_container_platform
- openshift_container_platform_for_power
- enterprise_linux
- fuse
- build_of_quarkus
- jboss_enterprise_application_platform_expansion_pack
CWE
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')