Vulnerability Description
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Undertow | - |
| Redhat | Virtualization | 4.0 |
| Redhat | Virtualization Host | 4.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2018:2643Vendor Advisory
- https://access.redhat.com/errata/RHSA-2018:2669Vendor Advisory
- https://access.redhat.com/errata/RHSA-2019:0877Vendor Advisory
- https://bugs.openjdk.java.net/browse/JDK-6956385Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114Issue TrackingVendor Advisory
- https://issues.jboss.org/browse/UNDERTOW-1338Issue TrackingThird Party Advisory
- https://access.redhat.com/errata/RHSA-2018:2643Vendor Advisory
- https://access.redhat.com/errata/RHSA-2018:2669Vendor Advisory
- https://access.redhat.com/errata/RHSA-2019:0877Vendor Advisory
- https://bugs.openjdk.java.net/browse/JDK-6956385Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114Issue TrackingVendor Advisory
- https://issues.jboss.org/browse/UNDERTOW-1338Issue TrackingThird Party Advisory
FAQ
What is CVE-2018-1114?
CVE-2018-1114 is a vulnerability with a CVSS score of 6.5 (MEDIUM). It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
How severe is CVE-2018-1114?
CVE-2018-1114 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1114?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Undertow, Redhat Virtualization, Redhat Virtualization Host.