PT-2019-5311 · Red Hat · Undertow

Marian Rehak

·

Published

2019-10-02

·

Updated

2025-03-07

·

CVE-2019-10212

CVSS v2.0

10

Critical

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Undertow versions prior to 2.0.20

Description

A flaw was found in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files. The vulnerability is related to the disclosure of information through log files and can be exploited by a remote attacker.

Recommendations

For versions prior to 2.0.20, consider disabling the DEBUG log for io.undertow.request.security to prevent the disclosure of user credentials. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insertion into Log File


Weakness Enumeration

Related identifiers

BDU:2020-02258
CVE-2019-10212
GHSA-8VH8-VC28-M2HF
OESA-2025-1257
RHSA-2019:2935
RHSA-2019:2936
RHSA-2019:2937

Affected products

Undertow