Description

An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests.

Remediation

References

CVE-2018-14642

Related Vulnerabilities

WordPress Plugin ARI Adminer-WordPress Database Manager Cross-Site Request Forgery (1.1.13)

GlassFish CVE-2011-3559 Vulnerability (CVE-2011-3559)

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4194)

WordPress Plugin Responsive Notification Bar for WordPress-Apex Notification Bar Lite includes Backdoor [Only if downloaded via the vendor website] (2.0.4)

Magento CVE-2019-8122 Vulnerability (CVE-2019-8122)

Severity

Medium

Classification

CVE-2018-14642 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities