Skip to main content

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 14, 2023 - 15:15 nvd
HIGH 7.5

DescriptionNVD

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

AnalysisAI

A flaw was found in undertow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-835. A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates. Affected products include: Redhat Build Of Quarkus, Redhat Decision Manager, Redhat Fuse, Redhat Integration Camel K, Redhat Integration Service Registry.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-4853 HIGH POC
8.1 Sep 20

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly whe

CVE-2022-4116 CRITICAL
9.8 Nov 22

A vulnerability was found in quarkus. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no

CVE-2023-2974 HIGH
8.1 Jul 04

A vulnerability was found in quarkus-core. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, l

CVE-2022-1011 HIGH
7.8 Mar 18

A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). Rated high sev

CVE-2023-6394 HIGH
7.4 Dec 09

A flaw was found in Quarkus. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authenticati

CVE-2022-1259 HIGH
7.5 Aug 31

A flaw was found in Undertow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authenticat

CVE-2021-20218 HIGH
7.4 Mar 16

A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. Rated high severity (CVSS 7.4), this vulne

CVE-2023-1664 MEDIUM
6.5 May 26

A flaw was found in Keycloak. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentic

CVE-2023-0044 MEDIUM
6.1 Feb 23

If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated

CVE-2023-6393 MEDIUM
5.3 Dec 06

A flaw was found in the Quarkus Cache Runtime. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploita

CVE-2021-3642 MEDIUM
5.3 Aug 05

A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final

CVE-2021-3536 MEDIUM
4.8 May 20

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin conso

Share

CVE-2023-1108 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy