PT-2019-12232 · Cloud Foundry+1 · Cloud Foundry Uaa+1

Published

2019-11-25

Updated

2020-10-09

CVE-2019-11290

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cloud Foundry UAA Release versions prior to 74.8.0

Description The issue concerns the logging of query parameters, including potential authentication credentials, to tomcat's access file. This could lead to sensitive information being stored in logs if query parameters are used for authentication purposes.

Recommendations For versions prior to 74.8.0, update to version 74.8.0 or later to resolve the issue.

Fix

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-532

Related Identifiers

CVE-2019-11290

Affected Products

Cloud Foundry Uaa

Apache Tomcat

PT-2019-12232 · Cloud Foundry+1 · Cloud Foundry Uaa+1

CVE-2019-11290

Weakness Enumeration

Related Identifiers

Affected Products

References · 3