CVE-2018-1114
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-1114
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Red Hat Undertow 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Red Hat Undertow是美国红帽(Red Hat)公司的一款基于Java的嵌入式Web服务器,是Wildfly(Java应用服务器)默认的Web服务器。 Red Hat Undertow中的‘URLResource.getLastModified()’函数存在安全漏洞。攻击者可利用该漏洞造成拒绝服务(文件描述符耗尽)。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2018-1114
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | None | https://github.com/andikahilmy/CVE-2018-1114-undertow-vulnerable | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2018-1114
Please Login to view more intelligence information
- https://issues.jboss.org/browse/UNDERTOW-1338x_refsource_MISC
- https://bugs.openjdk.java.net/browse/JDK-6956385x_refsource_MISC
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2018-1114
Same Patch Batch · Red Hat · 2018-09-11 · 9 CVEs total
| CVE-2016-0750 | Infinispan hotrod java客户端安全漏洞 | |
| CVE-2016-7047 | Red Hat CloudForms Management Engine 信息泄露漏洞 | |
| CVE-2016-7070 | Ansible Tower 权限许可和访问控制漏洞 | |
| CVE-2016-7066 | Red Hat JBoss Enterprise Application Platform 安全漏洞 | |
| CVE-2018-10893 | Red Hat spice-client 安全漏洞 | |
| CVE-2018-10935 | Red Hat 389 Directory Server 安全漏洞 | |
| CVE-2018-1127 | Red Hat Gluster Storage Tendrl API 安全漏洞 | |
| CVE-2018-10937 | Red Hat Openshift Container Platform tetonic-console组件跨站脚本漏洞 |
IV. Related Vulnerabilities
Same vendor: Red Hat
- CVE-2026-42011
Gnutls: gnutls: security bypass due to incorrect name constr - CVE-2026-42010
Gnutls: gnutls: authentication bypass via nul character in u - CVE-2026-6420
Keylime: keylime: security bypass due to hardcoded tpm quote - CVE-2026-34956
Openvswitch: open vswitch: denial of service via malformed f - CVE-2026-34002
Xorg: xwayland: x.org x server: information disclosure or de
Same weakness: CWE-400
- CVE-2026-42343
FastGPT: Uncontrolled Resource Consumption leading to Sandbo - CVE-2026-42212
SolidCAM-GPPL-IDE: XML External Entity (XXE) and billion-lau - CVE-2026-32686
Unbounded exponent in decimal enables unauthenticated DoS - CVE-2026-20188
Cisco Crosswork Network Controller and Cisco Network Service - CVE-2026-32936
CoreDNS DoH GET path missing size validation causes CPU and
V. Comments for CVE-2018-1114
No comments yet