PT-2018-5383 · Red Hat · Undertow

Stuart Douglas · Published 2018-04-18 · Updated 2025-03-07 · CVE-2017-12196

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
  undertow versions prior to 1.4.18.SP1
  undertow versions prior to 2.0.2.Final
  undertow versions prior to 1.4.24.Final

Description: When Digest authentication is used, the server does not verify that the URI carried in the Authorization header matches the request URI in the HTTP request line. Because the digest response is computed over the URI supplied in the header rather than over the URI actually being requested, a man-in-the-middle (MITM) attacker can exploit this to gain access to content on the server.

Recommendations: For versions prior to 1.4.18.SP1, update to version 1.4.18.SP1 or later. For versions prior to 2.0.2.Final, update to version 2.0.2.Final or later. For versions prior to 1.4.24.Final, update to version 1.4.24.Final or later.
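The following example illustrates the missing check described above. It is added here for explanation and is not Undertow's code; the realm, user, password, nonce and paths are constructed values, and the verifier is deliberately minimal (no nonce freshness or replay tracking, MD5 with qop=auth only, as in RFC 2617). verify_vulnerable() mirrors the flaw by validating the digest against the uri= field of the header alone; verify_fixed() first requires that field to equal the request-line URI.

```python
import hashlib
import hmac

REALM = "example-realm"                       # constructed realm
USERS = {"alice": "correct horse battery staple"}  # constructed credential store
NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"  # constructed server nonce


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def parse_digest_header(header: str) -> dict:
    """Minimal parser for 'Digest k="v", k2=v2, ...' (values here contain no commas)."""
    scheme, _, params = header.partition(" ")
    if scheme != "Digest":
        raise ValueError("not a Digest Authorization header")
    fields = {}
    for part in params.split(","):
        key, _, value = part.strip().partition("=")
        fields[key.strip()] = value.strip().strip('"')
    return fields


def digest_response(user, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 response for qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2).
    Note that the URI enters only through HA2 = MD5(method:uri)."""
    ha1 = md5_hex(f"{user}:{REALM}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def build_authorization(user, password, method, uri, nonce, nc="00000001", cnonce="0a4f113b"):
    """Client side: produce the Authorization header a legitimate client would send."""
    resp = digest_response(user, password, method, uri, nonce, nc, cnonce)
    return (f'Digest username="{user}", realm="{REALM}", nonce="{nonce}", uri="{uri}", '
            f'qop=auth, nc={nc}, cnonce="{cnonce}", response="{resp}"')


def verify_vulnerable(method: str, request_uri: str, header: str) -> bool:
    """Flawed server check: the digest is recomputed over the header's own uri= field,
    and request_uri (from the HTTP request line) is never consulted."""
    p = parse_digest_header(header)
    password = USERS.get(p.get("username", ""))
    if password is None:
        return False
    expected = digest_response(p["username"], password, method, p["uri"],
                               p["nonce"], p["nc"], p["cnonce"], p.get("qop", "auth"))
    return hmac.compare_digest(expected, p["response"])


def verify_fixed(method: str, request_uri: str, header: str) -> bool:
    """Corrected server check: the header's uri= must match the request-line URI
    before the digest is even evaluated."""
    p = parse_digest_header(header)
    if p.get("uri") != request_uri:
        return False
    return verify_vulnerable(method, request_uri, header)


# A header legitimately issued for /public/index.html (constructed scenario).
CAPTURED_HEADER = build_authorization("alice", USERS["alice"], "GET", "/public/index.html", NONCE)


def demo() -> dict:
    """Apply the same header to the URI it was issued for and to a different one."""
    return {
        "vulnerable_same_uri": verify_vulnerable("GET", "/public/index.html", CAPTURED_HEADER),
        "fixed_same_uri": verify_fixed("GET", "/public/index.html", CAPTURED_HEADER),
        "vulnerable_other_uri": verify_vulnerable("GET", "/admin/report", CAPTURED_HEADER),
        "fixed_other_uri": verify_fixed("GET", "/admin/report", CAPTURED_HEADER),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The legitimate request passes both checks, but the flawed verifier also accepts the same header on a request for /admin/report, because nothing ties the digest to the request line. The single equality test in verify_fixed() is the class of check the fixed Undertow versions add; a production verifier would additionally track nonce freshness and nonce-count to limit replay.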

Weakness Enumeration

Improper Authentication
Incorrect Authorization

Related Identifiers

CVE-2017-12196
GHSA-CP7V-VMV7-6X2Q
OESA-2025-1257
RHSA-2018:0479
RHSA-2018:0480
RHSA-2018:0481
RHSA-2018:1525

Affected Products

Undertow