CVE-2018-1114 — Uncontrolled Resource Consumption in RED HAT Undertow

CWE-400 — Uncontrolled Resource Consumption9 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.7%

top 27.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Undertow RED HAT Undertow Redhat Virtualization +1 more

Timeline

PublishedSep 11

Latest updateMay 13

Description

It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶Debianredhat/undertow< 1.4.25-1

▶CVEListV5red_hat/undertown/a

▶NVDredhat/virtualization4.0, 4.2+1

▶NVDredhat/virtualization_host4.0

🔴Vulnerability Details

OSV

Uncontrolled Resource Consumption in Undertow↗2022-05-13

▶

GHSA

Uncontrolled Resource Consumption in Undertow↗2022-05-13

▶

CVEList

CVE-2018-1114: It was found that URLResource↗2018-09-11

▶

OSV

CVE-2018-1114: It was found that URLResource↗2018-09-11

▶

📋Vendor Advisories

Red Hat

undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service↗2018-04-21

▶

Debian

CVE-2018-1114: undertow - It was found that URLResource.getLastModified() in Undertow closes the file desc...↗2018

▶

💬Community

Bugzilla

CVE-2018-1114 undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service↗2018-04-30

▶

Bugzilla

CVE-2018-1114 undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service [fedora-all]↗2018-04-30

▶