Published: 11/09/2018 Updated: 09/10/2019

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat undertow -
redhat virtualization host 4.0
redhat virtualization 4.2
redhat virtualization 4.0

Debian Bug report logs - #897247 undertow: CVE-2018-1114: File descriptor leak caused by JarURLConnectiongetLastModified() allows attacker to cause a denial of service Package: src:undertow; Maintainer for src:undertow is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccors ...

Synopsis Moderate: Red Hat JBoss Enterprise Application Platform 713 security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat JBoss Enterprise Application Platform 71Red Hat Product Security has rated this update as having a security impact of Moderate A Co ...

Synopsis Moderate: Red Hat JBoss Enterprise Application Platform security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat JBoss Enterprise Application Platform 71 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security ...

Synopsis Moderate: Red Hat JBoss Enterprise Application Platform security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat JBoss Enterprise Application Platform 71 for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security ...

Synopsis Important: Fuse 71 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat FuseRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed s ...

Synopsis Important: Red Hat OpenShift Application Runtimes Thorntail 240 security & bug fix update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenShift Application RuntimesRed Hat Product Security has rated this update as having a security impact of Import ...

Synopsis Important: rhvm-appliance security update Type/Severity Security Advisory: Important Topic An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vuln ...

It was found that URLResourcegetLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust This leads to a file handler leak ...

CWE-400 https://issues.jboss.org/browse/UNDERTOW-1338 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114 https://bugs.openjdk.java.net/browse/JDK-6956385 https://access.redhat.com/errata/RHSA-2018:2669 https://access.redhat.com/errata/RHSA-2018:2643 https://access.redhat.com/errata/RHSA-2019:0877 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897247 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2018:2088

CVE-2018-1114

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect