Description

An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests.

Remediation

References

CVE-2018-14642

Related Vulnerabilities

SharePoint CVE-2020-16948 Vulnerability (CVE-2020-16948)

WebLogic CVE-2018-2894 Vulnerability (CVE-2018-2894)

jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5312)

WebLogic Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-22965)

PHP Out-of-bounds Read Vulnerability (CVE-2019-11035)

Severity

Medium

Classification

CVE-2018-14642 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities