← back
CVE-2018-1114

CVE-2018-1114

CVSS 6.5 MEDIUMEPSS 2.3%CWE-400
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 2.3%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
11 Sep 2018Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected products
Red Hat · undertow

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/errata/RHSA-2018:2643https://access.redhat.com/errata/RHSA-2018:2669https://access.redhat.com/errata/RHSA-2019:0877https://bugs.openjdk.java.net/browse/JDK-6956385https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114https://issues.jboss.org/browse/UNDERTOW-1338