Vulnerability Details : CVE-2018-14642
An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests.
Vulnerability category: Information leak
Products affected by CVE-2018-14642
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:undertow:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-14642
0.32%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 70 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-14642
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
5.3
|
MEDIUM | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.6
|
3.6
|
Red Hat, Inc. | |
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
3.9
|
1.4
|
NIST |
CWE ids for CVE-2018-14642
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
References for CVE-2018-14642
-
https://access.redhat.com/errata/RHSA-2019:0365
RHSA-2019:0365 - Security Advisory - Red Hat Customer PortalVendor Advisory
-
https://access.redhat.com/errata/RHSA-2019:1107
RHSA-2019:1107 - Security Advisory - Red Hat Customer PortalVendor Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642
1628702 – (CVE-2018-14642) CVE-2018-14642 undertow: Infoleak in some circumstances where Undertow can serve data from a random bufferIssue Tracking;Patch;Vendor Advisory
-
https://access.redhat.com/errata/RHSA-2019:1140
RHSA-2019:1140 - Security Advisory - Red Hat Customer PortalVendor Advisory
-
https://access.redhat.com/errata/RHSA-2019:0362
RHSA-2019:0362 - Security Advisory - Red Hat Customer PortalVendor Advisory
-
https://access.redhat.com/errata/RHSA-2019:1106
RHSA-2019:1106 - Security Advisory - Red Hat Customer PortalVendor Advisory
-
https://access.redhat.com/errata/RHSA-2019:1108
RHSA-2019:1108 - Security Advisory - Red Hat Customer PortalVendor Advisory
-
https://access.redhat.com/errata/RHSA-2019:0380
RHSA-2019:0380 - Security Advisory - Red Hat Customer PortalVendor Advisory
-
https://access.redhat.com/errata/RHSA-2019:0364
RHSA-2019:0364 - Security Advisory - Red Hat Customer PortalVendor Advisory
Jump to