Medium severity6.5NVD Advisory· Published Sep 11, 2018· Updated Jun 17, 2026
CVE-2018-1114
CVE-2018-1114
Description
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
io.undertow:undertow-coreMaven | < 1.4.25.Final | 1.4.25.Final |
io.undertow:undertow-coreMaven | >= 2.0.0.Alpha1, < 2.0.5.Final | 2.0.5.Final |
Affected products
2Patches
Vulnerability mechanics
References
8- access.redhat.com/errata/RHSA-2018:2643nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:2669nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2019:0877nvdVendor AdvisoryWEB
- bugs.openjdk.java.net/browse/JDK-6956385nvdThird Party AdvisoryWEB
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingVendor AdvisoryWEB
- github.com/advisories/GHSA-gjjx-gqm4-wcgmghsaADVISORY
- issues.jboss.org/browse/UNDERTOW-1338nvdIssue TrackingThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2018-1114ghsaADVISORY
News mentions
0No linked articles in our index yet.