CVE-2018-1114
published 2018-09-11CVE-2018-1114: It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to…
medium6.5CVSS 3.0
AVNACLPRLUINSUCNINAH
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | undertow | < undertow 1.4.25-1 (forky) | undertow 1.4.25-1 (forky) |
| red_hat | undertow | — | — |
| redhat | undertow | >= 0 < 1.4.25-1 | 1.4.25-1 |
| redhat | virtualization | — | — |
| redhat | virtualization | — | — |
| redhat | virtualization_host | — | — |
CVSS provenance
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv6.5MEDIUM