CVE-2018-14642
CVE-2018-14642
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.3EPSS 2.1%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
18 sep 2018Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests.
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Productos afectados
Red Hat · undertow¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://access.redhat.com/errata/RHSA-2019:0362https://access.redhat.com/errata/RHSA-2019:0364https://access.redhat.com/errata/RHSA-2019:0365https://access.redhat.com/errata/RHSA-2019:0380https://access.redhat.com/errata/RHSA-2019:1106https://access.redhat.com/errata/RHSA-2019:1107https://access.redhat.com/errata/RHSA-2019:1108https://access.redhat.com/errata/RHSA-2019:1140https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642