Information Leak Vulnerability in Undertow by Red Hat
CVE-2018-14642
5.3MEDIUM
Summary
An information leak vulnerability was identified in Undertow that could allow sensitive data from previous requests to be inadvertently exposed. This occurs when not all headers are properly written in the initial write call, leading to the complete contents of the writevBuffer being disclosed during buffer flushing. Such a flaw has implications for data privacy and security, potentially allowing unauthorized access to sensitive information. It is critical for users of impacted Undertow versions to apply the necessary security updates to mitigate these risks.
Affected Version(s)
undertow
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved