CVE-2018-1114

MEDIUM6.5EPSS 0.71%

Uncontrolled Resource Consumption in Undertow

發布日:2022/5/13修改日:2026/4/28

也稱為:DEBIAN-CVE-2018-1114

描述

It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.

受影響套件(2)

Debian/undertowfrom 0, < 1.4.25-1
Maven/io.undertow:undertow-corefrom 0, < 1.4.25.Final

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

參考連結(8)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-1114
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2018-1114
WEBhttps://access.redhat.com/errata/RHSA-2018:2643
WEBhttps://access.redhat.com/errata/RHSA-2018:2669
WEBhttps://access.redhat.com/errata/RHSA-2019:0877
WEBhttps://bugs.openjdk.java.net/browse/JDK-6956385
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114
WEBhttps://issues.jboss.org/browse/UNDERTOW-1338