Description
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
Remediation
References
https://issues.jboss.org/browse/UNDERTOW-1338
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114
https://bugs.openjdk.java.net/browse/JDK-6956385
https://access.redhat.com/errata/RHSA-2018:2669
https://access.redhat.com/errata/RHSA-2018:2643
https://access.redhat.com/errata/RHSA-2019:0877
Related Vulnerabilities
CVE-2017-12617 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2015-8851 Vulnerability in npm package node-uuid
CVE-2021-23382 Vulnerability in npm package postcss
CVE-2020-2177 Vulnerability in maven package org.jenkins-ci.plugins:copr
CVE-2021-35513 Vulnerability in maven package org.webjars.npm:mermaid