CVE-2023-1108 - OpenCVE

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Openshift Container Platform For Linuxone Integration Camel K Undertow Openshift Container Platform Build Of Quarkus Enterprise Linux Jboss Enterprise Application Platform Fuse Decision Manager Jboss Enterprise Application Platform Expansion Pack Openshift Container Platform For Power Integration Service Registry Process Automation Openstack Platform Single Sign-on Openshift Application Runtimes
Netapp	Oncommand Workflow Automation

Configuration 1 [-]

OR	cpe:2.3:a:redhat:build_of_quarkus:-:::::::*
	cpe:2.3:a:redhat:decision_manager:7.0:::::::*
	cpe:2.3:a:redhat:fuse:1.0.0:::::::*
	cpe:2.3:a:redhat:integration_camel_k:-:::::::*
	cpe:2.3:a:redhat:integration_service_registry:-:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:-::::text-only:::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:::::::*
	cpe:2.3:a:redhat:openshift_application_runtimes:-::::text-only:::
	cpe:2.3:a:redhat:openstack_platform:13.0:::::::*
	cpe:2.3:a:redhat:process_automation:7.0:::::::*
	cpe:2.3:a:redhat:single_sign-on:-::::text-only:::
	cpe:2.3:a:redhat:undertow::::::::
	cpe:2.3:a:redhat:undertow::::::::

Configuration 2 [-]

AND

OR	cpe:2.3:a:redhat:openshift_container_platform:4.11:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.9:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.10:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:::::::*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*

OR	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Configuration 4 [-]

AND

cpe:2.3:a:redhat:single_sign-on:7.6:*:*:*:*:*:*:*

OR	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Configuration 5 [-]

cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*

References

Link	Resource
https://access.redhat.com/errata/RHSA-2023:1184	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:1185	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:1512	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:1513	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:1514	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:1516	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:2135
https://access.redhat.com/errata/RHSA-2023:3883	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:3884	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:3885	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:3888	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:3892	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:3954	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4612	Vendor Advisory
https://access.redhat.com/security/cve/CVE-2023-1108	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2174246	Issue Tracking
https://github.com/advisories/GHSA-m4mm-pg93-fv78
https://security.netapp.com/advisory/ntap-20231020-0002/	Third Party Advisory