https://issues.redhat.com/browse/UNDERTOW-2239

A denial-of-service vulnerability found in Undertow:

Latest JDKs from the January 18th release (jdk 11.0.18, and may be jdk 17.0.6) include this change:
https://github.com/openjdk/jdk11u/commit/243a55ef31e9584467482c6159501b5d522a9427#diff-fd78e578d9d538ff23130422a81e277b5482ac752dc158b6dc07737a9c4c3f4bR737-L737

Which is suspected to be the cause of an infinite loop in SslConduit here:
https://github.com/undertow-io/undertow/blob/d508c1328ba5c1ca228bfcc405f2c6b9321a1139/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java#L1002-L1004

Where there is HandshakeStatus.NEED_WRAP but the status is updated to Status.CLOSED (new in this JDK release) so the loop never terminates.
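The loop condition reported above, as an added example (a simplified model, not Undertow's SslConduit code or its fix): a wrap loop keyed only on `HandshakeStatus.NEED_WRAP` never exits once the engine keeps returning `Status.CLOSED`, while one that also checks the result status does. The class name, method names and `SPIN_LIMIT` are hypothetical, and the engine result is constructed.

```java
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.SSLEngineResult.Status;
import java.util.function.Supplier;

public class WrapLoopDemo {
    // Demo-only cap so the unguarded loop can be observed without hanging the JVM.
    static final int SPIN_LIMIT = 1000;

    // Unguarded pattern: wraps again for as long as the engine reports NEED_WRAP.
    // Returns the iteration count, or -1 when the cap is hit (it would spin forever).
    static int drainUnguarded(Supplier<SSLEngineResult> wrap) {
        int calls = 0;
        SSLEngineResult r;
        do {
            r = wrap.get();
            if (++calls >= SPIN_LIMIT) {
                return -1;
            }
        } while (r.getHandshakeStatus() == HandshakeStatus.NEED_WRAP);
        return calls;
    }

    // Guarded pattern: any status other than OK (CLOSED, BUFFER_OVERFLOW, ...)
    // leaves the loop so the caller can close the connection or resize buffers.
    static int drainGuarded(Supplier<SSLEngineResult> wrap) {
        int calls = 0;
        SSLEngineResult r;
        do {
            r = wrap.get();
            calls++;
            if (r.getStatus() != Status.OK) {
                break;
            }
        } while (r.getHandshakeStatus() == HandshakeStatus.NEED_WRAP);
        return calls;
    }

    public static void main(String[] args) {
        // Constructed result modelling the reported state: the engine is CLOSED,
        // yet still reports NEED_WRAP and consumes/produces no bytes.
        Supplier<SSLEngineResult> closedEngine =
            () -> new SSLEngineResult(Status.CLOSED, HandshakeStatus.NEED_WRAP, 0, 0);

        System.out.println("unguarded loop iterations: " + drainUnguarded(closedEngine));
        System.out.println("guarded loop iterations:   " + drainGuarded(closedEngine));
    }
}
```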
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2023:1184 https://access.redhat.com/errata/RHSA-2023:1184
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
Via RHSA-2023:1185 https://access.redhat.com/errata/RHSA-2023:1185
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1108
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Via RHSA-2023:1514 https://access.redhat.com/errata/RHSA-2023:1514
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Via RHSA-2023:1513 https://access.redhat.com/errata/RHSA-2023:1513
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Via RHSA-2023:1512 https://access.redhat.com/errata/RHSA-2023:1512
This issue has been addressed in the following products: EAP 7.4.10 release Via RHSA-2023:1516 https://access.redhat.com/errata/RHSA-2023:1516
This issue has been addressed in the following products: Red Hat Process Automation Via RHSA-2023:2135 https://access.redhat.com/errata/RHSA-2023:2135
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 9 Via RHSA-2023:3885 https://access.redhat.com/errata/RHSA-2023:3885
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 8 Via RHSA-2023:3884 https://access.redhat.com/errata/RHSA-2023:3884
This issue has been addressed in the following products: RHEL-8 based Middleware Containers Via RHSA-2023:3888 https://access.redhat.com/errata/RHSA-2023:3888
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 7 Via RHSA-2023:3883 https://access.redhat.com/errata/RHSA-2023:3883
This issue has been addressed in the following products: Red Hat Single Sign-On Via RHSA-2023:3892 https://access.redhat.com/errata/RHSA-2023:3892
This issue has been addressed in the following products: Red Hat Fuse 7.12 Via RHSA-2023:3954 https://access.redhat.com/errata/RHSA-2023:3954
This issue has been addressed in the following products: Red Hat support for Spring Boot 2.7.13 Via RHSA-2023:4612 https://access.redhat.com/errata/RHSA-2023:4612