Information Leak Vulnerability in Undertow by Red Hat
CVE-2018-14642

5.3MEDIUM

Key Information:

Vendor
Red Hat
Status
Undertow
Vendor
CVE Published:
18 September 2018

Summary

An information leak vulnerability was identified in Undertow that could allow sensitive data from previous requests to be inadvertently exposed. This occurs when not all headers are properly written in the initial write call, leading to the complete contents of the writevBuffer being disclosed during buffer flushing. Such a flaw has implications for data privacy and security, potentially allowing unauthorized access to sensitive information. It is critical for users of impacted Undertow versions to apply the necessary security updates to mitigate these risks.

Affected Version(s)

undertow

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2019:0364
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:0362
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.