VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-d8wq-me7v-aaap

Essentials
Severities (101)
References (16)
Severity details (9)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-d8wq-me7v-aaap
Aliases	CVE-2018-14642 GHSA-vf6r-mmhc-3xcm
Summary	Information Exposure An information leak vulnerability was found in Undertow. If all headers are not written out in the first `write()` call, the code that handles flushing the buffer will always write out the full contents of the `writevBuffer` buffer, which may contain data from previous requests.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-200	Exposure of Sensitive Information to an Unauthorized Actor
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2019:0362
generic_textual	MODERATE	https://access.redhat.com/errata/RHSA-2019:0362
rhas	Moderate	https://access.redhat.com/errata/RHSA-2019:0364
rhas	Moderate	https://access.redhat.com/errata/RHSA-2019:0365
rhas	Moderate	https://access.redhat.com/errata/RHSA-2019:0380
rhas	Important	https://access.redhat.com/errata/RHSA-2019:1106
rhas	Important	https://access.redhat.com/errata/RHSA-2019:1107
rhas	Important	https://access.redhat.com/errata/RHSA-2019:1108
rhas	Important	https://access.redhat.com/errata/RHSA-2019:1140
cvssv3	5.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14642.json
epss	0.00316	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00316	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00316	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00316	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00316	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00316	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00316	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00316	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00316	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00316	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00316	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00316	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00316	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00316	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00316	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00316	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.02401	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
cvssv3.1	5.3	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642
generic_textual	MODERATE	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-vf6r-mmhc-3xcm
cvssv2	5.0	https://nvd.nist.gov/vuln/detail/CVE-2018-14642
cvssv3	5.3	https://nvd.nist.gov/vuln/detail/CVE-2018-14642
cvssv3.1	5.3	https://nvd.nist.gov/vuln/detail/CVE-2018-14642

Reference id	Reference type	URL
		https://access.redhat.com/errata/RHSA-2019:0362
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14642.json
		https://api.first.org/data/v1/epss?cve=CVE-2018-14642
		https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642
911796		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911796
cpe:2.3:a:redhat:undertow:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:-:::::::*
CVE-2018-14642		https://nvd.nist.gov/vuln/detail/CVE-2018-14642
GHSA-vf6r-mmhc-3xcm		https://github.com/advisories/GHSA-vf6r-mmhc-3xcm
RHEA-2019:1119		https://bugzilla.redhat.com/show_bug.cgi?id=1628702
RHSA-2019:0364		https://access.redhat.com/errata/RHSA-2019:0364
RHSA-2019:0365		https://access.redhat.com/errata/RHSA-2019:0365
RHSA-2019:0380		https://access.redhat.com/errata/RHSA-2019:0380
RHSA-2019:1106		https://access.redhat.com/errata/RHSA-2019:1106
RHSA-2019:1107		https://access.redhat.com/errata/RHSA-2019:1107
RHSA-2019:1108		https://access.redhat.com/errata/RHSA-2019:1108
RHSA-2019:1140		https://access.redhat.com/errata/RHSA-2019:1140

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2019:0362

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14642.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-14642

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-14642

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-14642

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.70912
EPSS Score	0.00316
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.