PT-2018-12636 · Red Hat · Undertow

Pedro Sampaio

Publicado

2018-09-18

Atualizado

2022-05-13

CVE-2018-14642

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Undertow (affected versions not specified)

Description An information leak issue was discovered. It occurs when not all headers are written out in the first write() call, causing the buffer flushing code to write out the full contents of the writevBuffer buffer. This buffer may contain data from previous requests.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2018-14642

GHSA-VF6R-MMHC-3XCM

RHSA-2019:0364

RHSA-2019:0365

RHSA-2019:1107

RHSA-2019:1108

Produtos afetados

Undertow

PT-2018-12636 · Red Hat · Undertow

CVE-2018-14642

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 19