Description
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
References (18)
Scores
CVSS v3
7.5
EPSS
0.0057
EPSS Percentile
68.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-835
Status
published
Products (22)
io.undertow/undertow-core
2.3.0 - 2.3.5.FinalMaven
netapp/oncommand_workflow_automation
redhat/build_of_quarkus
redhat/decision_manager
7.0
redhat/fuse
1.0.0
redhat/integration_camel_k
redhat/integration_service_registry
redhat/jboss_enterprise_application_platform
redhat/jboss_enterprise_application_platform
7.4
redhat/jboss_enterprise_application_platform_expansion_pack
... and 12 more
Published
Sep 14, 2023
Tracked Since
Feb 18, 2026