A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HNetapp Oncommand Workflow Automation
APPNetappwszystkie wersjeRed Hat Build Of Quarkus
APPRedhatwszystkie wersjeRed Hat Decision Manager
APPRedhat7.0Red Hat Enterprise Linux
OSRedhat7.08.09.0Red Hat Fuse
APPRedhat1.0.0Red Hat Integration Camel K
APPRedhatwszystkie wersjeRed Hat Integration Service Registry
APPRedhatwszystkie wersjeRed Hat Jboss Enterprise Application Platform
APPRedhat7.4Red Hat Jboss Enterprise Application Platform Expansion Pack
APPRedhatwszystkie wersjeRed Hat Openshift Application Runtimes
APPRedhatwszystkie wersjeRed Hat OpenShift Container Platform
APPRedhat4.114.12Red Hat Openshift Container Platform For Linuxone
APPRedhat4.104.9Red Hat Openshift Container Platform For Power
APPRedhat4.104.9Red Hat Openstack Platform
APPRedhat13.0Red Hat Process Automation
APPRedhat7.0Red Hat Single Sign On
APPRedhat7.6Red Hat Undertow
APPRedhat< 2.2.242.3.0 – 2.3.5 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
DoS
References
Related vulnerabilities
CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...
CVE-2019-7609CRITICAL10.0⚠ KEVten sam produkt
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. A...
CVE-2019-1003029CRITICAL9.9⚠ KEVten sam produkt
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/...
CVE-2019-1003030CRITICAL9.9⚠ KEVten sam produkt
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main...