PT-2018-5383 · Red Hat · Undertow

Stuart Douglas · Published 2018-04-18 · Updated 2025-03-07 · CVE-2017-12196

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerable software and affected versions:
- undertow versions prior to 1.4.18.SP1
- undertow versions prior to 2.0.2.Final
- undertow versions prior to 1.4.24.Final

Description: The issue arises when Digest authentication is used: the server fails to verify that the URI carried in the Authorization header matches the URI in the HTTP request line. This missing check allows an attacker in a man-in-the-middle (MITM) position to gain access to content on the server.

Recommendations: For versions prior to 1.4.18.SP1, update to version 1.4.18.SP1 or later. For versions prior to 2.0.2.Final, update to version 2.0.2.Final or later. For versions prior to 1.4.24.Final, update to version 1.4.24.Final or later.
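The check the description refers to, shown as an added example in Python (this is illustrative code, not Undertow's implementation). In the Digest scheme (RFC 7616) the client hashes the `uri` parameter it places in the Authorization header, so a server that only recomputes the hash from the header's own parameters and never compares that `uri` with the request-target accepts a valid header for one path on a request for another. The realm, user table, nonce and paths below are constructed for the example; the `check_uri` switch exists only to contrast the two behaviours.

```python
"""Server-side Digest authentication check that enforces the uri/request-target
match CVE-2017-12196 concerns. Added illustration, not Undertow code; realm,
user table and nonce values are constructed for the example."""
import hashlib
import hmac
import re

REALM = "example-realm"          # constructed realm
USERS = {"alice": "s3cret"}      # constructed credential store

# key="quoted value" or key=token, comma separated (Digest header syntax)
_PARAM_RE = re.compile(r'(\w+)=(?:"([^"]*)"|([^\s,]+))')


def parse_digest_header(header):
    """Return the Digest parameters as a dict, or None if the scheme is not Digest."""
    scheme, _, rest = header.partition(" ")
    if scheme.lower() != "digest":
        return None
    return {k: (quoted or token) for k, quoted, token in _PARAM_RE.findall(rest)}


def _md5(s):
    return hashlib.md5(s.encode()).hexdigest()


def expected_response(params, method, password):
    """Compute the MD5 'response' value (RFC 2617 / RFC 7616) for these parameters.
    HA2 binds the hash to the uri *inside the header*, which is why the server
    must separately compare that uri with the actual request-target."""
    ha1 = _md5(f"{params['username']}:{params['realm']}:{password}")
    ha2 = _md5(f"{method}:{params['uri']}")
    if params.get("qop") == "auth":
        return _md5(f"{ha1}:{params['nonce']}:{params['nc']}:{params['cnonce']}:auth:{ha2}")
    return _md5(f"{ha1}:{params['nonce']}:{ha2}")   # legacy form without qop


def authenticate(method, request_target, authorization_header, check_uri=True):
    """Validate an Authorization header for a request; returns (ok, reason).

    check_uri=False reproduces the behaviour the advisory describes (the uri in
    the header is trusted and never compared with the request line) purely so
    the two behaviours can be contrasted; a real server always keeps the check.
    Nonce freshness / replay tracking is out of scope for this example."""
    params = parse_digest_header(authorization_header)
    if params is None:
        return False, "not a Digest header"
    required = {"username", "realm", "nonce", "uri", "response"}
    if params.get("qop") == "auth":
        required |= {"nc", "cnonce"}
    elif "qop" in params:
        return False, "unsupported qop"
    missing = required - set(params)
    if missing:
        return False, f"missing parameter(s): {', '.join(sorted(missing))}"
    if params["realm"] != REALM:
        return False, "wrong realm"
    # The check that was missing: the signed uri must be the request-target.
    if check_uri and params["uri"] != request_target:
        return False, "digest uri does not match request target"
    password = USERS.get(params["username"])
    if password is None:
        return False, "unknown user"
    expected = expected_response(params, method, password)
    if not hmac.compare_digest(expected.encode(), params["response"].encode()):
        return False, "bad response hash"
    return True, "ok"


def build_authorization(username, password, method, uri, nonce,
                        cnonce="0a1b2c3d", nc="00000001"):
    """Client side: produce the header a legitimate client would send for `uri`."""
    params = {"username": username, "realm": REALM, "nonce": nonce, "uri": uri,
              "qop": "auth", "nc": nc, "cnonce": cnonce}
    params["response"] = expected_response(params, method, password)
    unquoted = {"qop", "nc"}   # these are tokens, not quoted strings
    return "Digest " + ", ".join(
        f"{k}={v}" if k in unquoted else f'{k}="{v}"' for k, v in params.items())


if __name__ == "__main__":
    hdr = build_authorization("alice", "s3cret", "GET", "/public/index.html", "nonce-1")
    print(authenticate("GET", "/public/index.html", hdr))              # (True, 'ok')
    print(authenticate("GET", "/admin/report", hdr))                   # rejected: uri mismatch
    print(authenticate("GET", "/admin/report", hdr, check_uri=False))  # accepted: the flawed behaviour
```

Running the block shows the difference directly: the header computed for `/public/index.html` verifies on that path, is rejected on `/admin/report` once the uri comparison is in place, and is accepted on `/admin/report` only when that comparison is skipped. For detection, a server log line where the Digest `uri` parameter differs from the request line is exactly the condition a patched server refuses.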

Weakness Enumeration

Improper Authentication
Incorrect Authorization

Related identifiers

CVE-2017-12196
GHSA-CP7V-VMV7-6X2Q
OESA-2025-1257
RHSA-2018:0479
RHSA-2018:0480
RHSA-2018:0481
RHSA-2018:1525

Affected products

Undertow