PT-2018-12636 · Red Hat · Undertow

Pedro Sampaio

Published

2018-09-18

Updated

2022-05-13

CVE-2018-14642

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Undertow (affected versions not specified)

Description An information leak issue was discovered. It occurs when not all headers are written out in the first write() call, causing the buffer flushing code to write out the full contents of the writevBuffer buffer. This buffer may contain data from previous requests.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2018-14642

GHSA-VF6R-MMHC-3XCM

RHSA-2019:0364

RHSA-2019:0365

RHSA-2019:1107

RHSA-2019:1108

Affected Products

Undertow

PT-2018-12636 · Red Hat · Undertow

CVE-2018-14642

Weakness Enumeration

Related Identifiers

Affected Products

References · 19