REDHAT-BUG-2187435
First published: Mon Apr 17 2023(Updated: )
It was discovered that the TLS implementation in the JSSE component of OpenJDK did not correctly handle half-duplex connections during TLS handshake. A remote attacker attacker could use this flaw to affect confidentiality or integrity of a TLS connection.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenJDK 17 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/openjdk/jdk8u/commit/301c9adce1711d9eb3f663bef07bbb045b907332
- https://github.com/openjdk/jdk11u/commit/432b9f03f6b3b3ed782b1fb388c5f8c850c66c07
- https://github.com/openjdk/jdk17u/commit/13a90694f8177d4b6289f524ff5f721dbc3da09d
- https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixJAVA
- https://www.oracle.com/java/technologies/javase/8u371-relnotes.html
- https://www.oracle.com/java/technologies/javase/11-0-19-relnotes.html
- https://www.oracle.com/java/technologies/javase/17-0-7-relnotes.html
- https://www.oracle.com/java/technologies/javase/20-0-1-relnotes.html
- https://access.redhat.com/errata/RHSA-2023:1875
- https://access.redhat.com/errata/RHSA-2023:1877
- https://access.redhat.com/errata/RHSA-2023:1878
- https://access.redhat.com/errata/RHSA-2023:1879
- https://access.redhat.com/errata/RHSA-2023:1880
- https://access.redhat.com/errata/RHSA-2023:1883
- https://access.redhat.com/errata/RHSA-2023:1882
- https://access.redhat.com/errata/RHSA-2023:1885
- https://access.redhat.com/errata/RHSA-2023:1884
- https://access.redhat.com/errata/RHSA-2023:1889
- https://access.redhat.com/errata/RHSA-2023:1890
- https://access.redhat.com/errata/RHSA-2023:1891
- https://access.redhat.com/errata/RHSA-2023:1892
- https://access.redhat.com/errata/RHSA-2023:1895
- https://access.redhat.com/errata/RHSA-2023:1898
- https://access.redhat.com/errata/RHSA-2023:1899
- https://access.redhat.com/errata/RHSA-2023:1900
- https://access.redhat.com/errata/RHSA-2023:1904
- https://access.redhat.com/errata/RHSA-2023:1911
- https://access.redhat.com/errata/RHSA-2023:1905
- https://access.redhat.com/errata/RHSA-2023:1906
- https://access.redhat.com/errata/RHSA-2023:1909
- https://access.redhat.com/errata/RHSA-2023:1908
- https://access.redhat.com/errata/RHSA-2023:1910
- https://access.redhat.com/errata/RHSA-2023:1907
- https://access.redhat.com/errata/RHSA-2023:1912
- https://access.redhat.com/errata/RHSA-2023:1903
- https://access.redhat.com/security/cve/cve-2023-21930
- https://access.redhat.com/errata/RHSA-2023:4103
- https://access.redhat.com/errata/RHSA-2023:4160
- https://bugzilla.redhat.com/show_bug.cgi?id=2187435
Frequently Asked Questions
What is the severity of REDHAT-BUG-2187435?
The severity of REDHAT-BUG-2187435 is considered significant due to its potential impact on the confidentiality and integrity of TLS connections.
How do I fix REDHAT-BUG-2187435?
To fix REDHAT-BUG-2187435, upgrade to the patched versions of OpenJDK that address the TLS handshake vulnerability.
Which versions of OpenJDK are affected by REDHAT-BUG-2187435?
OpenJDK 17 and possibly earlier versions are affected by REDHAT-BUG-2187435.
Can REDHAT-BUG-2187435 be exploited remotely?
Yes, a remote attacker can exploit REDHAT-BUG-2187435 to manipulate TLS connections.
What component is primarily involved in REDHAT-BUG-2187435?
The TLS implementation in the JSSE component of OpenJDK is primarily involved in REDHAT-BUG-2187435.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-21930
- agent/severity
- agent/references
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/openjdk 17