Bug 1628702 (CVE-2018-14642) - CVE-2018-14642 undertow: Infoleak in some circumstances where Undertow can serve data from a random buffer
Summary: CVE-2018-14642 undertow: Infoleak in some circumstances where Undertow can se...
Status: NEW
Alias: CVE-2018-14642
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20180914,repor...
Keywords: Security
Depends On: 1651413
Blocks: 1628704
Reported: 2018-09-13 18:24 UTC by Pedro Sampaio
Modified: 2019-06-30 21:44 UTC (History)
Clone Of:
Last Closed:


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:0362 None None None 2019-02-18 15:42 UTC
Red Hat Product Errata RHSA-2019:0364 None None None 2019-02-18 15:46 UTC
Red Hat Product Errata RHSA-2019:0365 None None None 2019-02-18 15:49 UTC
Red Hat Product Errata RHSA-2019:0380 None None None 2019-02-19 17:19 UTC
Red Hat Product Errata RHSA-2019:1106 None None None 2019-05-08 12:04 UTC
Red Hat Product Errata RHSA-2019:1107 None None None 2019-05-08 12:09 UTC
Red Hat Product Errata RHSA-2019:1108 None None None 2019-05-08 12:11 UTC
Red Hat Product Errata RHSA-2019:1140 None None None 2019-05-09 18:14 UTC

Description Pedro Sampaio 2018-09-13 18:24:25 UTC
In some circumstances Undertow can serve data from a random ByteBuffer; this is due to an incomplete fix for UNDERTOW-438.

Basically, if all the headers are not written out in the first write() call, then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests.

Upstream bug:

https://issues.jboss.org/browse/JBEAP-15428

Upstream patch:

https://github.com/jbossas/redhat-undertow/commit/e65ad5b410f95b166ff04f876e22f873e9b4ce62
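The flush mistake described above, reduced to a constructed java.nio.ByteBuffer model (added illustration, not Undertow's code or the upstream patch): a pooled buffer is reused across responses, the buggy flush emits its whole backing array, and the corrected flush emits only the bytes the current response wrote. Class, method names and the header strings are made up for this example.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

// Constructed model of a pooled header buffer reused across responses.
// Not Undertow code: it shows why flushing the full buffer, rather than
// the bytes written so far, can emit data from an earlier response.
public class PooledBufferFlush {

    // Buggy flush: copies the entire backing array, so bytes left beyond
    // position by an earlier response are sent along with this one.
    static byte[] flushWholeBuffer(ByteBuffer buf) {
        byte[] out = new byte[buf.capacity()];
        System.arraycopy(buf.array(), 0, out, 0, buf.capacity());
        buf.clear(); // resets position/limit but does not zero the array
        return out;
    }

    // Correct flush: flip() sets limit to what this response wrote, so
    // stale bytes past that point are never read out of the pool buffer.
    static byte[] flushWrittenBytes(ByteBuffer buf) {
        buf.flip();
        byte[] out = new byte[buf.remaining()];
        buf.get(out);
        buf.clear();
        return out;
    }

    static void write(ByteBuffer buf, String headers) {
        buf.put(headers.getBytes(StandardCharsets.ISO_8859_1));
    }

    public static void main(String[] args) {
        ByteBuffer pooled = ByteBuffer.allocate(128); // one pooled buffer

        // Constructed first response: carries a value that must not leak.
        write(pooled, "HTTP/1.1 200 OK\r\nSet-Cookie: id=SECRET\r\n\r\n");
        flushWrittenBytes(pooled);

        // A shorter second response reuses the same pooled buffer.
        write(pooled, "HTTP/1.1 204 No Content\r\n\r\n");
        String leaky = new String(flushWholeBuffer(pooled), StandardCharsets.ISO_8859_1);
        // Stale Set-Cookie bytes from the first response travel with the 204.
        System.out.println("whole-buffer flush leaks earlier data: " + leaky.contains("SECRET"));

        write(pooled, "HTTP/1.1 204 No Content\r\n\r\n");
        String safe = new String(flushWrittenBytes(pooled), StandardCharsets.ISO_8859_1);
        // Only the bytes written for this response are emitted.
        System.out.println("written-bytes flush leaks earlier data: " + safe.contains("SECRET"));
    }
}
```

The defensive takeaway is the same as the upstream fix's intent: a flush over a reused buffer must be bounded by the current write position, never by the buffer's capacity.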

Comment 6 errata-xmlrpc 2019-02-18 15:42:52 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2019:0362 https://access.redhat.com/errata/RHSA-2019:0362

Comment 7 errata-xmlrpc 2019-02-18 15:46:46 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6

Via RHSA-2019:0364 https://access.redhat.com/errata/RHSA-2019:0364

Comment 8 errata-xmlrpc 2019-02-18 15:49:10 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7

Via RHSA-2019:0365 https://access.redhat.com/errata/RHSA-2019:0365

Comment 9 errata-xmlrpc 2019-02-19 17:19:01 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.2.6 zip

Via RHSA-2019:0380 https://access.redhat.com/errata/RHSA-2019:0380

Comment 10 errata-xmlrpc 2019-05-08 12:04:08 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2019:1106 https://access.redhat.com/errata/RHSA-2019:1106

Comment 11 errata-xmlrpc 2019-05-08 12:09:15 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6

Via RHSA-2019:1107 https://access.redhat.com/errata/RHSA-2019:1107

Comment 12 errata-xmlrpc 2019-05-08 12:11:32 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7

Via RHSA-2019:1108 https://access.redhat.com/errata/RHSA-2019:1108

Comment 13 errata-xmlrpc 2019-05-09 18:14:52 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.3.1 zip

Via RHSA-2019:1140 https://access.redhat.com/errata/RHSA-2019:1140

Comment 14 Joshua Padman 2019-05-15 22:57:08 UTC
This vulnerability is out of security support scope for the following products:
 * Red Hat Enterprise Application Platform 6
 * Red Hat JBoss Fuse 6

Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.