Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1namp4LWdxbTQtd2Nnbc4AARHF
Uncontrolled Resource Consumption in Undertow
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
Permalink: https://github.com/advisories/GHSA-gjjx-gqm4-wcgmJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1namp4LWdxbTQtd2Nnbc4AARHF
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
CVSS Score: 6.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-gjjx-gqm4-wcgm, CVE-2018-1114
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-1114
- https://access.redhat.com/errata/RHSA-2018:2643
- https://access.redhat.com/errata/RHSA-2018:2669
- https://access.redhat.com/errata/RHSA-2019:0877
- https://bugs.openjdk.java.net/browse/JDK-6956385
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114
- https://issues.jboss.org/browse/UNDERTOW-1338
- https://github.com/advisories/GHSA-gjjx-gqm4-wcgm
Affected Packages
maven:io.undertow:undertow-core
Dependent packages: 912Dependent repositories: 5,259
Downloads:
Affected Version Ranges: >= 2.0.0.Alpha1, <= 2.0.4.Final, <= 1.4.24.FInal
Fixed in: 2.0.5.Final, 1.4.25.Final
All affected versions: 1.4.2-0.Final, 1.4.2-1.Final, 1.4.2-2.Final, 1.4.2-3.Final
All unaffected versions: