undertow-core is vulnerable to denial of service (DoS) attacks. The application calls the JarURLConnection.getLastModified()
method causes file handle to remain open and leak file descriptors, causing that file to become unavailable for others.
access.redhat.com/errata/RHSA-2018:2643
access.redhat.com/errata/RHSA-2018:2669
access.redhat.com/errata/RHSA-2019:0877
bugs.openjdk.java.net/browse/JDK-6956385
bugzilla.redhat.com/show_bug.cgi?id=1573045
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114
github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64a
github.com/undertow-io/undertow/pull/638
issues.jboss.org/browse/UNDERTOW-1338