Home > Vulnerability Database > CVE-2018-14642

Mend.io Vulnerability Database

CVE-2018-14642

Good to know:

Date: September 18, 2018

An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests.

Language: Java

Severity Score

5.3

Related Resources (11)

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-14642

Url: https://access.redhat.com/errata/RHSA-2019:0364

Url: https://access.redhat.com/errata/RHSA-2019:0362

Url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642

Url: https://access.redhat.com/errata/RHSA-2019:0365

Url: https://access.redhat.com/errata/RHSA-2019:1108

Url: https://access.redhat.com/errata/RHSA-2019:1107

Url: https://access.redhat.com/errata/RHSA-2019:1106

Url: https://access.redhat.com/errata/RHSA-2019:1140

Url: https://access.redhat.com/errata/RHSA-2019:0380

Url: https://www.mend.io/vulnerability-database/CVE-2018-14642

Severity Score

5.3

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Top Fix

Upgrade Version

Upgrade to version io.undertow:undertow-core:2.0.17.Final

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-14642

Good to know:

Date: September 18, 2018

Language: Java

Severity Score

Related Resources (11)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?