Search for vulnerabilities
Vulnerability details: VCID-9hgv-ea7a-uycv
Vulnerability ID VCID-9hgv-ea7a-uycv
Aliases CVE-2018-1114
GHSA-gjjx-gqm4-wcgm
Summary It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-400 Uncontrolled Resource Consumption
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 6.5 https://access.redhat.com/errata/RHSA-2018:2643
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2018:2643
cvssv3.1 6.5 https://access.redhat.com/errata/RHSA-2018:2669
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2018:2669
cvssv3.1 6.5 https://access.redhat.com/errata/RHSA-2019:0877
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2019:0877
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1114.json
epss 0.00684 https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss 0.00684 https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss 0.00684 https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss 0.00684 https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss 0.00684 https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss 0.00684 https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss 0.00684 https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss 0.00684 https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss 0.00684 https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss 0.00684 https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss 0.00684 https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss 0.00684 https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss 0.00684 https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss 0.00684 https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss 0.00684 https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss 0.00684 https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss 0.00711 https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss 0.00711 https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss 0.00711 https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss 0.00711 https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss 0.00711 https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss 0.00711 https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss 0.00711 https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss 0.00711 https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss 0.00711 https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss 0.00711 https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss 0.00711 https://api.first.org/data/v1/epss?cve=CVE-2018-1114
cvssv3.1 6.5 https://bugs.openjdk.java.net/browse/JDK-6956385
generic_textual MODERATE https://bugs.openjdk.java.net/browse/JDK-6956385
cvssv3.1 6.5 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-gjjx-gqm4-wcgm
cvssv3.1 6.5 https://issues.jboss.org/browse/UNDERTOW-1338
generic_textual MODERATE https://issues.jboss.org/browse/UNDERTOW-1338
cvssv2 4.0 https://nvd.nist.gov/vuln/detail/CVE-2018-1114
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2018-1114
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2018-1114
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2018-1114
Reference id Reference type URL
https://access.redhat.com/errata/RHSA-2018:2643
https://access.redhat.com/errata/RHSA-2018:2669
https://access.redhat.com/errata/RHSA-2019:0877
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1114.json
https://api.first.org/data/v1/epss?cve=CVE-2018-1114
https://bugs.openjdk.java.net/browse/JDK-6956385
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114
https://github.com/undertow-io/undertow/commit/7f22aa0090296eb00280f878e3731bb71d40f9e
https://github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64
https://issues.jboss.org/browse/UNDERTOW-1338
https://nvd.nist.gov/vuln/detail/CVE-2018-1114
1573045 https://bugzilla.redhat.com/show_bug.cgi?id=1573045
897247 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897247
cpe:2.3:a:redhat:undertow:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization:4.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization:4.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
GHSA-gjjx-gqm4-wcgm https://github.com/advisories/GHSA-gjjx-gqm4-wcgm
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2018:2643
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2018:2669
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2019:0877
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1114.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://bugs.openjdk.java.net/browse/JDK-6956385
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://issues.jboss.org/browse/UNDERTOW-1338
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2018-1114
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-1114
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-1114
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.70667
EPSS Score 0.00684
Published At Aug. 12, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T07:58:48.874776+00:00 ProjectKB MSRImporter Import https://raw.githubusercontent.com/SAP/project-kb/master/MSR2019/dataset/vulas_db_msr2019_release.csv 37.0.0