CVE-2023-1108

7.5 HIGH

📋 TL;DR

CVE-2023-1108 is a denial-of-service vulnerability in Undertow's SSL/TLS implementation where an infinite loop in the handshake process can crash the server. This affects any system running vulnerable versions of Undertow, particularly web servers and applications using Undertow for HTTP/HTTPS handling.

💻 Affected Systems

Products:
  • Undertow
  • Red Hat JBoss Web Server
  • Red Hat JBoss EAP
  • Applications using Undertow
Versions: Undertow versions before 2.2.27.Final and before 2.3.0.Beta1
Operating Systems: Linux, Windows, All platforms running Java
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using SSL/TLS with Undertow. HTTP-only configurations are not vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service unavailability due to server crash, requiring manual restart and potentially causing extended downtime.

🟠 Likely Case

Service disruption affecting availability, with automatic restarts possible but repeated crashes leading to degraded performance.

🟢 If Mitigated

Minimal impact if patched or workarounds applied, with potential for brief service interruptions during attack attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted SSL/TLS handshake requests to trigger the infinite loop.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Undertow 2.2.27.Final or 2.3.0.Beta1

Vendor Advisory: https://access.redhat.com/errata/RHSA-2023:1184

Restart Required: Yes

Instructions:

1. Identify the Undertow version in use.
2. Update to a patched version via the package manager or a manual installation.
3. Restart the affected services.
4. Verify the fix with a version check.

🔧 Temporary Workarounds

Disable SSL/TLS (platform: all)

Temporarily disable SSL/TLS if HTTP-only operation is acceptable, eliminating the attack vector.

Modify the server configuration to use HTTP only.

Network filtering (platform: linux)

Use firewall rules to restrict SSL/TLS connections to trusted sources only. Replace trusted_ip with the allowed source address or range, and adjust --dport if Undertow listens on a port other than 443. Because -A appends rules in order, the ACCEPT rule must be added before the DROP rule.

iptables -A INPUT -p tcp --dport 443 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to limit access to vulnerable systems
  • Deploy Web Application Firewall (WAF) with DoS protection rules

🔍 How to Verify

Check if Vulnerable:

Check Undertow version in application logs or via dependency management tools like Maven/Gradle.

Check Version:

grep -i undertow pom.xml                      # Maven: declared version
mvn dependency:tree -Dincludes=io.undertow    # Maven: resolved version
gradle dependencies | grep -i undertow        # Gradle: resolved version
unzip -l your-app.jar | grep -i undertow      # packaged app: names of bundled undertow-*.jar files

Verify Fix Applied:

Confirm the Undertow version is 2.2.27.Final or later on the 2.2 branch, or 2.3.0.Beta1 or later on the 2.3 branch, then test that SSL/TLS connections remain stable.
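As an added example, not part of this advisory or of Undertow itself: a Python helper that scans Maven dependency:tree or Gradle dependencies output for io.undertow artifacts and flags versions below the fixed releases named above, handling JBoss-style qualifiers (Alpha/Beta/CR/Final) so that 2.3.0.Alpha2 is correctly reported as vulnerable while 2.3.0.Beta1 is not. The sample dependency lines are constructed.

```python
import re

# Fixed releases named in the advisory, one per branch
FIXED_2_2 = "2.2.27.Final"
FIXED_2_3 = "2.3.0.Beta1"
# JBoss-style qualifier ordering: Alpha < Beta < CR < Final
QUALIFIER_RANK = {"Alpha": 0, "Beta": 1, "CR": 2, "Final": 3}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.([A-Za-z]+)(\d*))?$")

def parse_version(version):
    """Turn '2.3.0.Beta1' into a sortable tuple (2, 3, 0, 1, 1)."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Undertow version: {version!r}")
    major, minor, patch, qual, qual_num = m.groups()
    qual = qual or "Final"  # a bare '2.2.27' is treated as a final release
    if qual not in QUALIFIER_RANK:
        raise ValueError(f"unknown qualifier in {version!r}")
    return (int(major), int(minor), int(patch), QUALIFIER_RANK[qual], int(qual_num or 0))

def is_vulnerable(version):
    """True if the version predates the fix on its branch."""
    key = parse_version(version)
    if key[:2] < (2, 3):  # 2.2.x and anything older
        return key < parse_version(FIXED_2_2)
    return key < parse_version(FIXED_2_3)  # 2.3.x and later

# Matches both Maven ('io.undertow:undertow-core:jar:2.2.26.Final:compile')
# and Gradle ('io.undertow:undertow-core:2.2.26.Final') dependency lines
ARTIFACT_RE = re.compile(r"io\.undertow:(undertow-[\w-]+):(?:jar:)?(\d[\w.]*)")

def scan_dependency_output(lines):
    """Return [(artifact, version, vulnerable), ...] for every Undertow artifact seen."""
    results = []
    for line in lines:
        for artifact, version in ARTIFACT_RE.findall(line):
            results.append((artifact, version, is_vulnerable(version)))
    return results

# Constructed sample output (not from a real build): two Maven lines, two Gradle lines
SAMPLE = """\
[INFO] +- io.undertow:undertow-core:jar:2.2.26.Final:compile
[INFO] |  \\- io.undertow:undertow-servlet:jar:2.2.26.Final:compile
+--- io.undertow:undertow-core:2.3.0.Alpha2
+--- io.undertow:undertow-core:2.3.5.Final
"""

if __name__ == "__main__":
    for artifact, version, vuln in scan_dependency_output(SAMPLE.splitlines()):
        print(f"{artifact} {version}: {'VULNERABLE' if vuln else 'fixed'}")
```

Pipe real build output into scan_dependency_output (e.g. `mvn dependency:tree -Dincludes=io.undertow`) to check a project in place.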

📡 Detection & Monitoring

Log Indicators:

  • Repeated SSL handshake failures
  • Server process crashes with stack traces containing SslConduit
  • High CPU usage from Undertow threads

Network Indicators:

  • Abnormal SSL/TLS handshake patterns
  • Multiple connection attempts to SSL ports from single source

SIEM Query:

source="undertow.log" AND ("SSL" OR "handshake") AND ("error" OR "crash" OR "loop")

🔗 References
