Main Vulnerability Database Vulnerabilities #VU20069

#VU20069 Memory leak in Undertow - CVE-2018-1114

Published: August 13, 2019

Vulnerability identifier: #VU20069

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-1114

CWE-ID: CWE-401

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Undertow

Software vendor:
Red Hat Inc.

Description

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in URLResource.getLastModified() function in Undertow due to the method closes file descriptors only when they are finalized. A remote attacker can initiate opening of numerous URLs and exhaust all file descriptors, leading to a denial of service (DoS) attack.

Remediation

Install updates from vendor's website.

External links

https://access.redhat.com/errata/RHSA-2018:2643
https://access.redhat.com/errata/RHSA-2018:2669
https://access.redhat.com/errata/RHSA-2019:0877
https://bugs.openjdk.java.net/browse/JDK-6956385
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114
https://issues.jboss.org/browse/UNDERTOW-1338

#VU20069 Memory leak in Undertow - CVE-2018-1114

Description

Remediation

External links

Please verify you're human