{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1300", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-02-07T07:11:11.156Z", "datePublished": "2024-04-02T07:33:05.215Z", "dateUpdated": "2024-09-18T08:35:47.355Z"}, "containers": {"cna": {"title": "Io.vertx:vertx-core: memory leak when a tcp server is configured with tls and sni support", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error."}], "affected": [{"vendor": "Red Hat", "product": "CEQ 3.2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "packageName": "vertx-core", "cpes": ["cpe:/a:redhat:camel_quarkus:3"]}, {"vendor": "Red Hat", "product": "Cryostat 2 on RHEL 8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8", "defaultStatus": "affected", "versions": [{"version": "2.4.0-7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:cryostat:2::el8"]}, {"vendor": "Red Hat", "product": "Cryostat 2 on RHEL 8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "cryostat-tech-preview/cryostat-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "2.4.0-4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:cryostat:2::el8"]}, {"vendor": "Red Hat", "product": "Cryostat 2 on RHEL 8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "cryostat-tech-preview/cryostat-reports-rhel8", "defaultStatus": "affected", "versions": [{"version": "2.4.0-4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:cryostat:2::el8"]}, {"vendor": "Red Hat", "product": "Cryostat 2 on RHEL 8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "cryostat-tech-preview/cryostat-rhel8", "defaultStatus": "affected", "versions": [{"version": "2.4.0-4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:cryostat:2::el8"]}, {"vendor": "Red Hat", "product": "Cryostat 2 on RHEL 8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "cryostat-tech-preview/cryostat-rhel8-operator", "defaultStatus": "affected", "versions": [{"version": "2.4.0-9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:cryostat:2::el8"]}, {"vendor": "Red Hat", "product": "Cryostat 2 on RHEL 8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "cryostat-tech-preview/jfr-datasource-rhel8", "defaultStatus": "affected", "versions": [{"version": "2.4.0-4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:cryostat:2::el8"]}, {"vendor": "Red Hat", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "mtr/mtr-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "1.2-18", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"]}, {"vendor": "Red Hat", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "mtr/mtr-rhel8-operator", "defaultStatus": "affected", "versions": [{"version": "1.2-11", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"]}, {"vendor": "Red Hat", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "mtr/mtr-web-container-rhel8", "defaultStatus": "affected", "versions": [{"version": "1.2-12", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"]}, {"vendor": "Red Hat", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "mtr/mtr-web-executor-container-rhel8", "defaultStatus": "affected", "versions": [{"version": "1.2-10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"]}, {"vendor": "Red Hat", "product": "MTA-6.2-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "mta/mta-windup-addon-rhel9", "defaultStatus": "affected", "versions": [{"version": "6.2.3-2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:migration_toolkit_applications:6.2::el9", "cpe:/a:redhat:migration_toolkit_applications:6.2::el8"]}, {"vendor": "Red Hat", "product": "Red Hat AMQ Streams 2.7.0", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "packageName": "vertx-core", "cpes": ["cpe:/a:redhat:amq_streams:2"]}, {"vendor": "Red Hat", "product": "Red Hat build of Apache Camel 4.4.1 for Spring Boot", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "packageName": "vertx-core", "cpes": ["cpe:/a:redhat:apache_camel_spring_boot:4.4.1"]}, {"vendor": "Red Hat", "product": "Red Hat build of Quarkus 3.2.11.Final", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "io.vertx/vertx-core", "defaultStatus": "affected", "versions": [{"version": "4.4.8.redhat-00001", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:quarkus:3.2::el8"]}, {"vendor": "Red Hat", "product": "RHINT Service Registry 2.5.11 GA", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "packageName": "vertx-core", "cpes": ["cpe:/a:redhat:service_registry:2.5"]}, {"vendor": "Red Hat", "product": "A-MQ Clients 2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "vertx-core", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:a_mq_clients:2"]}, {"vendor": "Red Hat", "product": "OpenShift Serverless", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "vertx-core", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:serverless:1"]}, {"vendor": "Red Hat", "product": "Red Hat build of Apache Camel for Spring Boot", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "vertx-core", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:camel_spring_boot:3"]}, {"vendor": "Red Hat", "product": "Red Hat Build of Keycloak", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "vertx-core", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:build_keycloak:"]}, {"vendor": "Red Hat", "product": "Red Hat build of OptaPlanner 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "vertx-core", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:optaplanner:::el6"]}, {"vendor": "Red Hat", "product": "Red Hat build of Quarkus", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "io.vertx/vertx-core", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:quarkus:2"]}, {"vendor": "Red Hat", "product": "Red Hat Data Grid 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "vertx-core", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:jboss_data_grid:8"]}, {"vendor": "Red Hat", "product": "Red Hat Integration Camel K", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "vertx-core", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:integration:1"]}, {"vendor": "Red Hat", "product": "Red Hat Integration Camel Quarkus", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "vertx-core", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:camel_quarkus:2"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss A-MQ 7", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "packageName": "vertx-core", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:amq_broker:7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Data Grid 7", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "packageName": "vertx-core", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:jboss_data_grid:7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "packageName": "vertx-core", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "packageName": "vertx-core", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:8"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "packageName": "vertx-core", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:jbosseapxp"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Fuse 7", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "packageName": "vertx-core", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:jboss_fuse:7"]}, {"vendor": "Red Hat", "product": "Red Hat Process Automation 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "vertx-core", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:1662", "name": "RHSA-2024:1662", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1706", "name": "RHSA-2024:1706", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1923", "name": "RHSA-2024:1923", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2088", "name": "RHSA-2024:2088", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2833", "name": "RHSA-2024:2833", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3527", "name": "RHSA-2024:3527", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3989", "name": "RHSA-2024:3989", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4884", "name": "RHSA-2024:4884", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-1300", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139", "name": "RHBZ#2263139", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni."}], "datePublic": "2024-02-06T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2024-02-07T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-02-06T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-09-18T08:35:47.355Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-04-02T15:16:36.592165Z", "id": "CVE-2024-1300", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T19:53:23.394Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:33:25.527Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:1662", "name": "RHSA-2024:1662", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1706", "name": "RHSA-2024:1706", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1923", "name": "RHSA-2024:1923", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2088", "name": "RHSA-2024:2088", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2833", "name": "RHSA-2024:2833", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3527", "name": "RHSA-2024:3527", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3989", "name": "RHSA-2024:3989", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4884", "name": "RHSA-2024:4884", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-1300", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139", "name": "RHBZ#2263139", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni.", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:1662", "name": "RHSA-2024:1662", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1706", "name": "RHSA-2024:1706", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1923", "name": "RHSA-2024:1923", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2088", "name": "RHSA-2024:2088", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2833", "name": "RHSA-2024:2833", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3527", "name": "RHSA-2024:3527", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3989", "name": "RHSA-2024:3989", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4884", "name": "RHSA-2024:4884", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-1300", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139", "name": "RHBZ#2263139", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni.", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:33:25.527Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1300", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-02T15:16:36.592165Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T19:53:20.714Z"}}], "cna": {"title": "Io.vertx:vertx-core: memory leak when a tcp server is configured with tls and sni support", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"cpes": ["cpe:/a:redhat:camel_quarkus:3"], "vendor": "Red Hat", "product": "CEQ 3.2", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:cryostat:2::el8"], "vendor": "Red Hat", "product": "Cryostat 2 on RHEL 8", "versions": [{"status": "unaffected", "version": "2.4.0-7", "lessThan": "*", "versionType": "rpm"}], "packageName": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:cryostat:2::el8"], "vendor": "Red Hat", "product": "Cryostat 2 on RHEL 8", "versions": [{"status": "unaffected", "version": "2.4.0-4", "lessThan": "*", "versionType": "rpm"}], "packageName": "cryostat-tech-preview/cryostat-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:cryostat:2::el8"], "vendor": "Red Hat", "product": "Cryostat 2 on RHEL 8", "versions": [{"status": "unaffected", "version": "2.4.0-4", "lessThan": "*", "versionType": "rpm"}], "packageName": "cryostat-tech-preview/cryostat-reports-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:cryostat:2::el8"], "vendor": "Red Hat", "product": "Cryostat 2 on RHEL 8", "versions": [{"status": "unaffected", "version": "2.4.0-4", "lessThan": "*", "versionType": "rpm"}], "packageName": "cryostat-tech-preview/cryostat-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:cryostat:2::el8"], "vendor": "Red Hat", "product": "Cryostat 2 on RHEL 8", "versions": [{"status": "unaffected", "version": "2.4.0-9", "lessThan": "*", "versionType": "rpm"}], "packageName": "cryostat-tech-preview/cryostat-rhel8-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:cryostat:2::el8"], "vendor": "Red Hat", "product": "Cryostat 2 on RHEL 8", "versions": [{"status": "unaffected", "version": "2.4.0-4", "lessThan": "*", "versionType": "rpm"}], "packageName": "cryostat-tech-preview/jfr-datasource-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"], "vendor": "Red Hat", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "versions": [{"status": "unaffected", "version": "1.2-18", "lessThan": "*", "versionType": "rpm"}], "packageName": "mtr/mtr-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"], "vendor": "Red Hat", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "versions": [{"status": "unaffected", "version": "1.2-11", "lessThan": "*", "versionType": "rpm"}], "packageName": "mtr/mtr-rhel8-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"], "vendor": "Red Hat", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "versions": [{"status": "unaffected", "version": "1.2-12", "lessThan": "*", "versionType": "rpm"}], "packageName": "mtr/mtr-web-container-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"], "vendor": "Red Hat", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "versions": [{"status": "unaffected", "version": "1.2-10", "lessThan": "*", "versionType": "rpm"}], "packageName": "mtr/mtr-web-executor-container-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:migration_toolkit_applications:6.2::el9", "cpe:/a:redhat:migration_toolkit_applications:6.2::el8"], "vendor": "Red Hat", "product": "MTA-6.2-RHEL-9", "versions": [{"status": "unaffected", "version": "6.2.3-2", "lessThan": "*", "versionType": "rpm"}], "packageName": "mta/mta-windup-addon-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:amq_streams:2"], "vendor": "Red Hat", "product": "Red Hat AMQ Streams 2.7.0", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:apache_camel_spring_boot:4.4.1"], "vendor": "Red Hat", "product": "Red Hat build of Apache Camel 4.4.1 for Spring Boot", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:quarkus:3.2::el8"], "vendor": "Red Hat", "product": "Red Hat build of Quarkus 3.2.11.Final", "versions": [{"status": "unaffected", "version": "4.4.8.redhat-00001", "lessThan": "*", "versionType": "rpm"}], "packageName": "io.vertx/vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:service_registry:2.5"], "vendor": "Red Hat", "product": "RHINT Service Registry 2.5.11 GA", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:a_mq_clients:2"], "vendor": "Red Hat", "product": "A-MQ Clients 2", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:serverless:1"], "vendor": "Red Hat", "product": "OpenShift Serverless", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:camel_spring_boot:3"], "vendor": "Red Hat", "product": "Red Hat build of Apache Camel for Spring Boot", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:"], "vendor": "Red Hat", "product": "Red Hat Build of Keycloak", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:optaplanner:::el6"], "vendor": "Red Hat", "product": "Red Hat build of OptaPlanner 8", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:quarkus:2"], "vendor": "Red Hat", "product": "Red Hat build of Quarkus", "packageName": "io.vertx/vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_data_grid:8"], "vendor": "Red Hat", "product": "Red Hat Data Grid 8", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:integration:1"], "vendor": "Red Hat", "product": "Red Hat Integration Camel K", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:camel_quarkus:2"], "vendor": "Red Hat", "product": "Red Hat Integration Camel Quarkus", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:amq_broker:7"], "vendor": "Red Hat", "product": "Red Hat JBoss A-MQ 7", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:jboss_data_grid:7"], "vendor": "Red Hat", "product": "Red Hat JBoss Data Grid 7", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:jbosseapxp"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:jboss_fuse:7"], "vendor": "Red Hat", "product": "Red Hat JBoss Fuse 7", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"], "vendor": "Red Hat", "product": "Red Hat Process Automation 7", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2024-02-07T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-02-06T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-02-06T00:00:00+00:00", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:1662", "name": "RHSA-2024:1662", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1706", "name": "RHSA-2024:1706", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1923", "name": "RHSA-2024:1923", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2088", "name": "RHSA-2024:2088", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2833", "name": "RHSA-2024:2833", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3527", "name": "RHSA-2024:3527", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3989", "name": "RHSA-2024:3989", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4884", "name": "RHSA-2024:4884", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-1300", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139", "name": "RHBZ#2263139", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni."}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-09-18T08:35:47.355Z"}, "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"}}, "cveMetadata": {"cveId": "CVE-2024-1300", "state": "PUBLISHED", "dateUpdated": "2024-09-18T08:35:47.355Z", "dateReserved": "2024-02-07T07:11:11.156Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-04-02T07:33:05.215Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error."}, {"lang": "es", "value": "Una vulnerabilidad en Eclipse Vert.x toolkit provoca una p\u00e9rdida de memoria en servidores TCP configurados con soporte TLS y SNI. Al procesar un nombre de servidor SNI desconocido al que se le asigna el certificado predeterminado en lugar de un certificado asignado, el contexto SSL se almacena en cach\u00e9 por error en el mapa de nombres del servidor, lo que provoca que se agote la memoria. Esta falla permite a los atacantes enviar mensajes de saludo al cliente TLS con nombres de servidor falsos, lo que provoca un error de falta de memoria de JVM."}], "id": "CVE-2024-1300", "lastModified": "2024-07-25T21:15:10.487", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-04-02T08:15:53.993", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1662"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1706"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1923"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2088"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2833"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3527"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3989"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:4884"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-1300"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139"}, {"source": "secalert@redhat.com", "url": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni."}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:1706", "cpe": "cpe:/a:redhat:camel_quarkus:3", "package": "vertx-core", "product_name": "CEQ 3.2", "release_date": "2024-04-09T00:00:00Z"}, {"advisory": "RHSA-2024:2088", "cpe": "cpe:/a:redhat:cryostat:2::el8", "package": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8:2.4.0-7", "product_name": "Cryostat 2 on RHEL 8", "release_date": "2024-04-29T00:00:00Z"}, {"advisory": "RHSA-2024:2088", "cpe": "cpe:/a:redhat:cryostat:2::el8", "package": "cryostat-tech-preview/cryostat-operator-bundle:2.4.0-4", "product_name": "Cryostat 2 on RHEL 8", "release_date": "2024-04-29T00:00:00Z"}, {"advisory": "RHSA-2024:2088", "cpe": "cpe:/a:redhat:cryostat:2::el8", "package": "cryostat-tech-preview/cryostat-reports-rhel8:2.4.0-4", "product_name": "Cryostat 2 on RHEL 8", "release_date": "2024-04-29T00:00:00Z"}, {"advisory": "RHSA-2024:2088", "cpe": "cpe:/a:redhat:cryostat:2::el8", "package": "cryostat-tech-preview/cryostat-rhel8:2.4.0-4", "product_name": "Cryostat 2 on RHEL 8", "release_date": "2024-04-29T00:00:00Z"}, {"advisory": "RHSA-2024:2088", "cpe": "cpe:/a:redhat:cryostat:2::el8", "package": "cryostat-tech-preview/cryostat-rhel8-operator:2.4.0-9", "product_name": "Cryostat 2 on RHEL 8", "release_date": "2024-04-29T00:00:00Z"}, {"advisory": "RHSA-2024:2088", "cpe": "cpe:/a:redhat:cryostat:2::el8", "package": "cryostat-tech-preview/jfr-datasource-rhel8:2.4.0-4", "product_name": "Cryostat 2 on RHEL 8", "release_date": "2024-04-29T00:00:00Z"}, {"advisory": "RHSA-2024:1923", "cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8", "package": "mtr/mtr-operator-bundle:1.2-18", "product_name": "Migration Toolkit for Runtimes 1 on RHEL 8", "release_date": "2024-04-18T00:00:00Z"}, {"advisory": "RHSA-2024:1923", "cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8", "package": "mtr/mtr-rhel8-operator:1.2-11", "product_name": "Migration Toolkit for Runtimes 1 on RHEL 8", "release_date": "2024-04-18T00:00:00Z"}, {"advisory": "RHSA-2024:1923", "cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8", "package": "mtr/mtr-web-container-rhel8:1.2-12", "product_name": "Migration Toolkit for Runtimes 1 on RHEL 8", "release_date": "2024-04-18T00:00:00Z"}, {"advisory": "RHSA-2024:1923", "cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8", "package": "mtr/mtr-web-executor-container-rhel8:1.2-10", "product_name": "Migration Toolkit for Runtimes 1 on RHEL 8", "release_date": "2024-04-18T00:00:00Z"}, {"advisory": "RHSA-2024:3989", "cpe": "cpe:/a:redhat:migration_toolkit_applications:6.2::el9", "package": "mta/mta-windup-addon-rhel9:6.2.3-2", "product_name": "MTA-6.2-RHEL-9", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:3527", "cpe": "cpe:/a:redhat:amq_streams:2", "package": "vertx-core", "product_name": "Red Hat AMQ Streams 2.7.0", "release_date": "2024-05-30T00:00:00Z"}, {"advisory": "RHSA-2024:4884", "cpe": "cpe:/a:redhat:apache_camel_spring_boot:4.4.1", "package": "vertx-core", "product_name": "Red Hat build of Apache Camel 4.4.1 for Spring Boot", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:1662", "cpe": "cpe:/a:redhat:quarkus:3.2::el8", "package": "io.vertx/vertx-core:4.4.8.redhat-00001", "product_name": "Red Hat build of Quarkus 3.2.11.Final", "release_date": "2024-04-03T00:00:00Z"}, {"advisory": "RHSA-2024:2833", "cpe": "cpe:/a:redhat:service_registry:2.5", "package": "vertx-core", "product_name": "RHINT Service Registry 2.5.11 GA", "release_date": "2024-05-14T00:00:00Z"}], "bugzilla": {"description": "io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support", "id": "2263139", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "status": "verified"}, "cwe": "CWE-400", "details": ["A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.", "A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-1300", "package_state": [{"cpe": "cpe:/a:redhat:a_mq_clients:2", "fix_state": "Not affected", "package_name": "vertx-core", "product_name": "A-MQ Clients 2"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "vertx-core", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:3", "fix_state": "Will not fix", "package_name": "vertx-core", "product_name": "Red Hat build of Apache Camel for Spring Boot"}, {"cpe": "cpe:/a:redhat:build_keycloak:", "fix_state": "Affected", "package_name": "vertx-core", "product_name": "Red Hat Build of Keycloak"}, {"cpe": "cpe:/a:redhat:optaplanner:::el6", "fix_state": "Will not fix", "package_name": "vertx-core", "product_name": "Red Hat build of OptaPlanner 8"}, {"cpe": "cpe:/a:redhat:quarkus:2", "fix_state": "Will not fix", "package_name": "io.vertx/vertx-core", "product_name": "Red Hat build of Quarkus"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Not affected", "package_name": "vertx-core", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Will not fix", "package_name": "vertx-core", "product_name": "Red Hat Integration Camel K"}, {"cpe": "cpe:/a:redhat:camel_quarkus:2", "fix_state": "Will not fix", "package_name": "vertx-core", "product_name": "Red Hat Integration Camel Quarkus"}, {"cpe": "cpe:/a:redhat:amq_broker:7", "fix_state": "Not affected", "package_name": "vertx-core", "product_name": "Red Hat JBoss A-MQ 7"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Will not fix", "package_name": "vertx-core", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "vertx-core", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Not affected", "package_name": "vertx-core", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "vertx-core", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "vertx-core", "product_name": "Red Hat JBoss Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Will not fix", "package_name": "vertx-core", "product_name": "Red Hat Process Automation 7"}], "public_date": "2024-02-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-1300\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-1300\nhttps://vertx.io/docs/vertx-core/java/#_server_name_indication_sni."], "statement": "This affects only TLS servers with SNI enabled.", "threat_severity": "Moderate"}