vulnerability
Red Hat JBoss EAP: CVE-2018-14642: Exposure of Sensitive Information to an Unauthorized Actor
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:H/Au:S/C:C/I:N/A:N) | Sep 14, 2018 | Sep 19, 2024 | Jul 2, 2025 |
Severity
5
CVSS
(AV:N/AC:H/Au:S/C:C/I:N/A:N)
Published
Sep 14, 2018
Added
Sep 19, 2024
Modified
Jul 2, 2025
Description
An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-200
- CVE-2018-14642
- https://attackerkb.com/topics/CVE-2018-14642
- URL-https://access.redhat.com/security/cve/CVE-2018-14642
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=1628702
- URL-https://access.redhat.com/errata/RHSA-2019:0364
- URL-https://access.redhat.com/errata/RHSA-2019:0365
- URL-https://access.redhat.com/errata/RHSA-2019:1106
- URL-https://access.redhat.com/errata/RHSA-2019:1107
- URL-https://access.redhat.com/errata/RHSA-2019:1108
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.