Candidate: CVE-2018-1114
PublicDate: 2018-09-11 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1114
 https://issues.jboss.org/browse/UNDERTOW-1338
 https://bugs.openjdk.java.net/browse/JDK-6956385
Description:
 It was found that URLResource.getLastModified() in Undertow closes the file
 descriptors only when they are finalized which can cause file descriptors
 to exhaust. This leads to a file handler leak.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [6.5 MEDIUM]


Patches_undertow:
 upstream: https://github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64a
upstream_undertow: released (2.0.5)
precise/esm_undertow: DNE
trusty_undertow: DNE
trusty/esm_undertow: DNE
xenial_undertow: ignored (end of standard support, was needs-triage)
artful_undertow: ignored (reached end-of-life)
bionic_undertow: needs-triage
cosmic_undertow: ignored (reached end-of-life)
disco_undertow: not-affected (1.4.25-2)
eoan_undertow: ignored (reached end-of-life)
focal_undertow: needs-triage
groovy_undertow: ignored (reached end-of-life)
hirsute_undertow: ignored (reached end-of-life)
impish_undertow: needs-triage
jammy_undertow: needs-triage
devel_undertow: needs-triage