VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-pau1-u4du-skcw

Essentials
Severities (47)
References (16)
Severity details (23)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-pau1-u4du-skcw
Aliases	CVE-2018-14642 GHSA-vf6r-mmhc-3xcm
Summary	Exposure of Sensitive Information to an Unauthorized Actor in Undertow An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-200	Exposure of Sensitive Information to an Unauthorized Actor
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2019:0362
generic_textual	MODERATE	https://access.redhat.com/errata/RHSA-2019:0362
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2019:0364
generic_textual	MODERATE	https://access.redhat.com/errata/RHSA-2019:0364
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2019:0365
generic_textual	MODERATE	https://access.redhat.com/errata/RHSA-2019:0365
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2019:0380
generic_textual	MODERATE	https://access.redhat.com/errata/RHSA-2019:0380
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2019:1106
generic_textual	MODERATE	https://access.redhat.com/errata/RHSA-2019:1106
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2019:1107
generic_textual	MODERATE	https://access.redhat.com/errata/RHSA-2019:1107
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2019:1108
generic_textual	MODERATE	https://access.redhat.com/errata/RHSA-2019:1108
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2019:1140
generic_textual	MODERATE	https://access.redhat.com/errata/RHSA-2019:1140
cvssv3	5.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14642.json
epss	0.00746	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00746	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00746	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00746	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00746	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00746	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00746	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00746	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00776	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00776	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00776	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00776	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00776	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00776	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00776	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00776	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00776	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00776	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00776	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00776	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00776	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00776	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00776	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
epss	0.00776	https://api.first.org/data/v1/epss?cve=CVE-2018-14642
cvssv3.1	5.3	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642
generic_textual	MODERATE	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-vf6r-mmhc-3xcm
cvssv2	5.0	https://nvd.nist.gov/vuln/detail/CVE-2018-14642
cvssv3.1	5.3	https://nvd.nist.gov/vuln/detail/CVE-2018-14642
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2018-14642

Reference id	Reference type	URL
		https://access.redhat.com/errata/RHSA-2019:0362
		https://access.redhat.com/errata/RHSA-2019:0364
		https://access.redhat.com/errata/RHSA-2019:0365
		https://access.redhat.com/errata/RHSA-2019:0380
		https://access.redhat.com/errata/RHSA-2019:1106
		https://access.redhat.com/errata/RHSA-2019:1107
		https://access.redhat.com/errata/RHSA-2019:1108
		https://access.redhat.com/errata/RHSA-2019:1140
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14642.json
		https://api.first.org/data/v1/epss?cve=CVE-2018-14642
		https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642
		https://nvd.nist.gov/vuln/detail/CVE-2018-14642
1628702		https://bugzilla.redhat.com/show_bug.cgi?id=1628702
911796		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911796
cpe:2.3:a:redhat:undertow:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:-:::::::*
GHSA-vf6r-mmhc-3xcm		https://github.com/advisories/GHSA-vf6r-mmhc-3xcm

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2019:0362

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2019:0364

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2019:0365

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2019:0380

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2019:1106

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2019:1107

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2019:1108

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2019:1140

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14642.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-14642

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-14642

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.72162
EPSS Score	0.00746
Published At	Sept. 9, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T09:14:36.350211+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vf6r-mmhc-3xcm/GHSA-vf6r-mmhc-3xcm.json	37.0.0