VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-c121-s5qm-aaaj

Essentials
Severities (108)
References (21)
Severity details (10)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-c121-s5qm-aaaj
Aliases	CVE-2018-1114 GHSA-gjjx-gqm4-wcgm
Summary	Uncontrolled Resource Consumption It was found that `URLResource.getLastModified()` in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-400	Uncontrolled Resource Consumption
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
rhas	Moderate	https://access.redhat.com/errata/RHSA-2018:2088
rhas	Moderate	https://access.redhat.com/errata/RHSA-2018:2089
rhas	Moderate	https://access.redhat.com/errata/RHSA-2018:2090
rhas	Important	https://access.redhat.com/errata/RHSA-2018:2643
rhas	Important	https://access.redhat.com/errata/RHSA-2018:2669
rhas	Important	https://access.redhat.com/errata/RHSA-2019:0877
cvssv3	6.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1114.json
epss	0.00376	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00376	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00376	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00376	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00376	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00376	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00376	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00376	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00376	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00376	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00376	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00376	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00376	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00376	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00376	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00376	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00711	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00724	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00724	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00724	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00724	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00724	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00724	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00724	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00724	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00724	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00724	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00724	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00724	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.00724	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
epss	0.01594	https://api.first.org/data/v1/epss?cve=CVE-2018-1114
cvssv3.1	6.5	https://bugs.openjdk.java.net/browse/JDK-6956385
generic_textual	MODERATE	https://bugs.openjdk.java.net/browse/JDK-6956385
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=1573045
cvssv3.1	6.5	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114
generic_textual	MODERATE	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-gjjx-gqm4-wcgm
cvssv3.1	6.5	https://issues.jboss.org/browse/UNDERTOW-1338
generic_textual	MODERATE	https://issues.jboss.org/browse/UNDERTOW-1338
cvssv2	4.0	https://nvd.nist.gov/vuln/detail/CVE-2018-1114
cvssv3	6.5	https://nvd.nist.gov/vuln/detail/CVE-2018-1114

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1114.json
		https://api.first.org/data/v1/epss?cve=CVE-2018-1114
		https://bugs.openjdk.java.net/browse/JDK-6956385
		https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114
		https://github.com/undertow-io/undertow/commit/7f22aa0090296eb00280f878e3731bb71d40f9e
		https://github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64
		https://issues.jboss.org/browse/UNDERTOW-1338
1573045		https://bugzilla.redhat.com/show_bug.cgi?id=1573045
897247		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897247
cpe:2.3:a:redhat:undertow:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:-:::::::*
cpe:2.3:a:redhat:virtualization:4.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization:4.0:::::::*
cpe:2.3:a:redhat:virtualization:4.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization:4.2:::::::*
cpe:2.3:a:redhat:virtualization_host:4.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization_host:4.0:::::::*
CVE-2018-1114		https://nvd.nist.gov/vuln/detail/CVE-2018-1114
GHSA-gjjx-gqm4-wcgm		https://github.com/advisories/GHSA-gjjx-gqm4-wcgm
RHSA-2018:2088		https://access.redhat.com/errata/RHSA-2018:2088
RHSA-2018:2089		https://access.redhat.com/errata/RHSA-2018:2089
RHSA-2018:2090		https://access.redhat.com/errata/RHSA-2018:2090
RHSA-2018:2643		https://access.redhat.com/errata/RHSA-2018:2643
RHSA-2018:2669		https://access.redhat.com/errata/RHSA-2018:2669
RHSA-2019:0877		https://access.redhat.com/errata/RHSA-2019:0877

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1114.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://bugs.openjdk.java.net/browse/JDK-6956385

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://issues.jboss.org/browse/UNDERTOW-1338

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2018-1114

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-1114

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.73324
EPSS Score	0.00376
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.