CVE-2018-14642

Published: Sep 18, 2018Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests.

Affected (4)

Products: Redhat: Undertow, Jboss Enterprise Application Platform

2 products

Jboss Enterprise Application Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Undertow	All versions

Configuration B

3 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Redhat Jboss Enterprise Application Platform	Version 7.1
Redhat Jboss Enterprise Application Platform	Version 7.2
Redhat Jboss Enterprise Application Platform	Version 7.3

Running on/with	Platform Versions
Redhat Enterprise Linux	Version 6.0
Redhat Enterprise Linux	Version 7.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (18)

https://access.redhat.com/errata/RHSA-2019:0362

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2019:0364

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2019:0365

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2019:0380

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2019:1106

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2019:1107

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2019:1108

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2019:1140

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642

Source: secalert@redhat.com

Issue TrackingPatchVendor Advisory

https://access.redhat.com/errata/RHSA-2019:0362

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://access.redhat.com/errata/RHSA-2019:0364

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://access.redhat.com/errata/RHSA-2019:0365

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://access.redhat.com/errata/RHSA-2019:0380

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://access.redhat.com/errata/RHSA-2019:1106

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://access.redhat.com/errata/RHSA-2019:1107

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://access.redhat.com/errata/RHSA-2019:1108

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://access.redhat.com/errata/RHSA-2019:1140

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchVendor Advisory

Timeline

No history available yet.