CVSS3: 6.5 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS2: 4 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

AV:N/AC:L/Au:S/C:N/I:N/A:P

undertow-core is vulnerable to denial of service (DoS) attacks. The application calls the JarURLConnection.getLastModified()
method, which causes the file handle to remain open and leaks file descriptors, making that file unavailable to others.
CPE | Name | Operator | Version |
---|---|---|---|
undertow core | le | 2.0.4.Final | |
undertow core | le | 1.4.25.Final | |
access.redhat.com/errata/RHSA-2018:2643
access.redhat.com/errata/RHSA-2018:2669
access.redhat.com/errata/RHSA-2019:0877
bugs.openjdk.java.net/browse/JDK-6956385
bugzilla.redhat.com/show_bug.cgi?id=1573045
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114
github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64a
github.com/undertow-io/undertow/pull/638
issues.jboss.org/browse/UNDERTOW-1338