An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests.
access.redhat.com/errata/RHSA-2019:0362
access.redhat.com/errata/RHSA-2019:0364
access.redhat.com/errata/RHSA-2019:0365
access.redhat.com/errata/RHSA-2019:0380
access.redhat.com/errata/RHSA-2019:1106
access.redhat.com/errata/RHSA-2019:1107
access.redhat.com/errata/RHSA-2019:1108
access.redhat.com/errata/RHSA-2019:1140
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642
nvd.nist.gov/vuln/detail/CVE-2018-14642