CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS2: 4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P

undertow-core is vulnerable to denial of service (DoS) attacks. The application calls the JarURLConnection.getLastModified()
method, which causes a file handle to remain open and leaks file descriptors, making that file unavailable to others.
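
One way to avoid the leak described above, shown beside the leaking call pattern. This is an added example, not Undertow's code or its actual patch. The class and method names are hypothetical and the sample jar is constructed at run time.

```java
import java.io.*;
import java.net.*;
import java.nio.file.*;
import java.util.jar.*;

public class JarLastModified {
    // Leaking pattern: getLastModified() connects implicitly and opens the
    // backing file; the connection is dropped without anything being closed.
    static long leakyLastModified(URL url) throws IOException {
        return url.openConnection().getLastModified();
    }

    // Hardened pattern: for a jar: URL backed by a local file, read the jar's
    // mtime from the file system without connecting at all. For anything else,
    // close the stream that the lookup opened (best effort).
    static long safeLastModified(URL url) throws IOException {
        URLConnection conn = url.openConnection();
        if (conn instanceof JarURLConnection) {
            URL jar = ((JarURLConnection) conn).getJarFileURL(); // no connect
            if ("file".equals(jar.getProtocol())) {
                try {
                    return Paths.get(jar.toURI()).toFile().lastModified();
                } catch (URISyntaxException e) {
                    throw new IOException(e);
                }
            }
        }
        conn.setUseCaches(false); // do not keep a JarFile in the JVM-wide cache
        try {
            return conn.getLastModified();
        } finally {
            try { conn.getInputStream().close(); } catch (IOException ignored) { }
        }
    }

    public static void main(String[] args) throws Exception {
        Path jar = Files.createTempFile("demo", ".jar"); // constructed sample input
        jar.toFile().deleteOnExit();
        try (JarOutputStream out = new JarOutputStream(Files.newOutputStream(jar))) {
            out.putNextEntry(new JarEntry("hello.txt"));
            out.write("hi".getBytes());
            out.closeEntry();
        }
        URL url = new URL("jar:" + jar.toUri() + "!/hello.txt");
        System.out.println("safe:  " + safeLastModified(url));
        System.out.println("leaky: " + leakyLastModified(url));
    }
}
```

On Linux, comparing the entry count of `/proc/<pid>/fd` before and after repeated calls to each method is a simple check for whether descriptors accumulate.
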
access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/
access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=7.1
access.redhat.com/errata/RHSA-2018:2089
access.redhat.com/errata/RHSA-2018:2643
access.redhat.com/errata/RHSA-2018:2669
access.redhat.com/errata/RHSA-2019:0877
access.redhat.com/security/cve/CVE-2018-1114
access.redhat.com/security/updates/classification/#moderate
bugs.openjdk.java.net/browse/JDK-6956385
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114
issues.jboss.org/browse/JBEAP-14431
issues.jboss.org/browse/UNDERTOW-1338