Bug 1628702 (CVE-2018-14642) - CVE-2018-14642 undertow: Infoleak in some circumstances where Undertow can serve data from a random buffer
Summary: CVE-2018-14642 undertow: Infoleak in some circumstances where Undertow can se...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2018-14642
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1651413
Blocks: 1628704
TreeView+ depends on / blocked
 
Reported: 2018-09-13 18:24 UTC by Pedro Sampaio
Modified: 2019-09-29 14:58 UTC (History)
51 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-08-22 02:46:59 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:0362 None None None 2019-02-18 15:42:54 UTC
Red Hat Product Errata RHSA-2019:0364 None None None 2019-02-18 15:46:48 UTC
Red Hat Product Errata RHSA-2019:0365 None None None 2019-02-18 15:49:12 UTC
Red Hat Product Errata RHSA-2019:0380 None None None 2019-02-19 17:19:02 UTC
Red Hat Product Errata RHSA-2019:1106 None None None 2019-05-08 12:04:10 UTC
Red Hat Product Errata RHSA-2019:1107 None None None 2019-05-08 12:09:17 UTC
Red Hat Product Errata RHSA-2019:1108 None None None 2019-05-08 12:11:36 UTC
Red Hat Product Errata RHSA-2019:1140 None None None 2019-05-09 18:14:54 UTC

Description Pedro Sampaio 2018-09-13 18:24:25 UTC
In some circumstances Undertow can serve data from a random ByteBuffer, this is due to an incomplete fix for UNDERTOW-438.

Basically if all the headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests.

Upstream bug:

https://issues.jboss.org/browse/JBEAP-15428

Upstream patch:

https://github.com/jbossas/redhat-undertow/commit/e65ad5b410f95b166ff04f876e22f873e9b4ce62

Comment 6 errata-xmlrpc 2019-02-18 15:42:52 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2019:0362 https://access.redhat.com/errata/RHSA-2019:0362

Comment 7 errata-xmlrpc 2019-02-18 15:46:46 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6

Via RHSA-2019:0364 https://access.redhat.com/errata/RHSA-2019:0364

Comment 8 errata-xmlrpc 2019-02-18 15:49:10 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7

Via RHSA-2019:0365 https://access.redhat.com/errata/RHSA-2019:0365

Comment 9 errata-xmlrpc 2019-02-19 17:19:01 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.2.6 zip

Via RHSA-2019:0380 https://access.redhat.com/errata/RHSA-2019:0380

Comment 10 errata-xmlrpc 2019-05-08 12:04:08 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2019:1106 https://access.redhat.com/errata/RHSA-2019:1106

Comment 11 errata-xmlrpc 2019-05-08 12:09:15 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6

Via RHSA-2019:1107 https://access.redhat.com/errata/RHSA-2019:1107

Comment 12 errata-xmlrpc 2019-05-08 12:11:32 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7

Via RHSA-2019:1108 https://access.redhat.com/errata/RHSA-2019:1108

Comment 13 errata-xmlrpc 2019-05-09 18:14:52 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.3.1 zip

Via RHSA-2019:1140 https://access.redhat.com/errata/RHSA-2019:1140

Comment 14 Joshua Padman 2019-05-15 22:57:08 UTC
This vulnerability is out of security support scope for the following products:
 * Red Hat Enterprise Application Platform 6
 * Red Hat JBoss Fuse 6

Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.

Comment 15 Product Security DevOps Team 2019-08-22 02:46:59 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-14642

Comment 16 Joshua Padman 2019-08-28 11:18:23 UTC
RH Single Sign-On has been fixed since 7.3.2 which included undertow-core-2.0.19.Final-redhat-00001.jar

Comment 17 Paramvir jindal 2019-08-30 11:14:31 UTC
Marked JDG as not affected as it already includes fixed version undertow-core i.e. :

JDG7.3.2/modules/system/layers/base/.overlays/layer-base-jboss-jdg-7.3.2.CP/io/undertow/core/main/undertow-core-2.0.19.Final-redhat-00001.jar

Comment 18 Jonathan Christison 2019-08-30 11:55:51 UTC
Marked Fuse as not affected as undertow versions defined in poms is 2.0.20.Final-redhat-00001


Note You need to log in before you can comment on or make changes to this bug.