PT-2019-12232 · Cloud Foundry+1 · Cloud Foundry Uaa+1
Published 2019-11-25 · Updated 2020-10-09 · CVE-2019-11290
CVSS v3.1: 8.8 (High)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Cloud Foundry UAA Release versions prior to 74.8.0
Description
The issue concerns the logging of query parameters, including potential authentication credentials, to Tomcat's access file. This could lead to sensitive information being stored in logs if query parameters are used for authentication purposes.
Recommendations
For versions prior to 74.8.0, update to version 74.8.0 or later to resolve the issue.
Fix
Insertion into Log File
Weakness Enumeration
Related Identifiers
Affected Products
Cloud Foundry Uaa
Apache Tomcat