PT-2019-15219 · Lightbend · Lightbend Play Framework

Sunny Chotai · Published 2019-11-05 · Updated 2022-05-24 · CVE-2019-17598

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Lightbend Play Framework versions 2.5.x through 2.6.23

Description

An issue was discovered in the Lightbend Play Framework. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes expose the proxy credentials to the target host, typically under high load when connecting to a target host using https.

Recommendations

For versions 2.5.x through 2.6.23, consider reconfiguring the proxy settings to avoid using authenticated HTTP proxies until a fix is available. As a temporary workaround, restrict access to sensitive resources that may be exposed due to this issue.

Fix

Weakness Enumeration

Inadequate Encryption Strength

Related Identifiers

CVE-2019-17598
GHSA-442G-GCG6-MHM4

Affected Products

Lightbend Play Framework