Candidate: CVE-2018-14642
PublicDate: 2018-09-18 13:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14642
 https://bugzilla.redhat.com/show_bug.cgi?id=1628702
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642
Description:
 An information leak vulnerability was found in Undertow. If all headers are
 not written out in the first write() call then the code that handles
 flushing the buffer will always write out the full contents of the
 writevBuffer buffer, which may contain data from previous requests.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N [5.3 MEDIUM]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N [5.3 MEDIUM]


Patches_undertow:
upstream_undertow: needs-triage
precise/esm_undertow: DNE
trusty_undertow: DNE
trusty/esm_undertow: DNE
xenial_undertow: ignored (end of standard support, was needs-triage)
bionic_undertow: needs-triage
cosmic_undertow: ignored (reached end-of-life)
disco_undertow: ignored (reached end-of-life)
eoan_undertow: released (2.0.23-1)
focal_undertow: released (2.0.23-1)
groovy_undertow: released (2.0.23-1)
hirsute_undertow: released (2.0.23-1)
impish_undertow: released (2.0.23-1)
jammy_undertow: released (2.0.23-1)
devel_undertow: released (2.0.23-1)