DEBIAN-CVE-2018-14642

DEBIAN-CVE-2018-14642 PUBLISHED CVSS 5.300000190734863 MEDIUM

An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests.

Risk Scores

CVSS 3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:14	undertow	0, 1.3.11-1, 1.3.16-1

Timeline

Sep 18, 2018 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2018-14642 advisory

Open in Interactive Console →