An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests.
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2018-14642 from the MITRE CVE dictionary dictionary and NIST NVD.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 5.3 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity Impact | None |
| Availability Impact | None |
| Platform | Package | State |
|---|---|---|
| Red Hat Virtualization 4 | rhvm-appliance | Affected |
| Red Hat Single Sign-On 7 | undertow | Under investigation |
| Red Hat OpenShift Application Runtimes 1.0 | swarm | Under investigation |
| Red Hat JBoss Fuse 7 | undertow | Under investigation |
| Red Hat JBoss Fuse 6 | undertow | Under investigation |
| Red Hat JBoss EAP 7 | undertow | Affected |
| Red Hat JBoss EAP 6 | jbossweb | Under investigation |
| Red Hat JBoss Data Grid 7 | undertow | Under investigation |
Vulmon