Vulnerability Description
An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Undertow | - |
| Redhat | Jboss Enterprise Application Platform | 7.1 |
| Redhat | Enterprise Linux | 6.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2019:0362Vendor Advisory
- https://access.redhat.com/errata/RHSA-2019:0364Vendor Advisory
- https://access.redhat.com/errata/RHSA-2019:0365Vendor Advisory
- https://access.redhat.com/errata/RHSA-2019:0380Vendor Advisory
- https://access.redhat.com/errata/RHSA-2019:1106Vendor Advisory
- https://access.redhat.com/errata/RHSA-2019:1107Vendor Advisory
- https://access.redhat.com/errata/RHSA-2019:1108Vendor Advisory
- https://access.redhat.com/errata/RHSA-2019:1140Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642Issue TrackingPatchVendor Advisory
- https://access.redhat.com/errata/RHSA-2019:0362Vendor Advisory
- https://access.redhat.com/errata/RHSA-2019:0364Vendor Advisory
- https://access.redhat.com/errata/RHSA-2019:0365Vendor Advisory
- https://access.redhat.com/errata/RHSA-2019:0380Vendor Advisory
- https://access.redhat.com/errata/RHSA-2019:1106Vendor Advisory
- https://access.redhat.com/errata/RHSA-2019:1107Vendor Advisory
FAQ
What is CVE-2018-14642?
CVE-2018-14642 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full cont...
How severe is CVE-2018-14642?
CVE-2018-14642 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-14642?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Undertow, Redhat Jboss Enterprise Application Platform, Redhat Enterprise Linux.