PT-2019-5311 · Red Hat · Undertow

Marian Rehak · Published 2019-10-02 · Updated 2025-03-07 · CVE-2019-10212

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Undertow versions prior to 2.0.20

Description

A flaw was found in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files. The vulnerability is related to the disclosure of information through log files and can be exploited by a remote attacker.

Recommendations

For versions prior to 2.0.20, consider disabling the DEBUG log for io.undertow.request.security to prevent the disclosure of user credentials. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
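
An added example (not from this advisory or the Undertow project) for checking the recommendation above: it reports the effective level of io.undertow.request.security, including a DEBUG level inherited from a parent category such as io.undertow. It assumes a WildFly-style logging subsystem XML, which the advisory does not name; the sample configurations and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

TARGET = "io.undertow.request.security"
# Level names that let DEBUG records through (DEBUG or more verbose).
VERBOSE = {"ALL", "FINEST", "FINER", "TRACE", "FINE", "DEBUG"}

# Constructed samples (assumed WildFly-style logging subsystem fragments).
SAMPLE_INHERITED = """<subsystem xmlns="urn:jboss:domain:logging:8.0">
  <logger category="io.undertow"><level name="DEBUG"/></logger>
  <root-logger><level name="INFO"/></root-logger>
</subsystem>"""
SAMPLE_PINNED = """<subsystem xmlns="urn:jboss:domain:logging:8.0">
  <logger category="io.undertow"><level name="DEBUG"/></logger>
  <logger category="io.undertow.request.security"><level name="INFO"/></logger>
  <root-logger><level name="INFO"/></root-logger>
</subsystem>"""

def local(tag):
    """Strip the XML namespace so any schema version of the subsystem matches."""
    return tag.rsplit("}", 1)[-1]

def configured_levels(xml_text):
    """Return {category: LEVEL} for explicit loggers; '' is the root logger."""
    levels = {}
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) not in ("logger", "root-logger"):
            continue
        category = el.get("category", "") if local(el.tag) == "logger" else ""
        for child in el:
            if local(child.tag) == "level" and child.get("name"):
                levels[category] = child.get("name").upper()
    return levels

def effective_level(levels, category=TARGET):
    """Walk up the dotted hierarchy: the nearest ancestor with a level wins."""
    parts = category.split(".")
    for i in range(len(parts), 0, -1):
        name = ".".join(parts[:i])
        if name in levels:
            return name, levels[name]
    return "", levels.get("", "INFO")  # assumed default if root sets no level

def audit(xml_text):
    source, level = effective_level(configured_levels(xml_text))
    return {"source": source or "<root>", "level": level, "exposed": level in VERBOSE}

if __name__ == "__main__":
    for name, sample in (("inherited", SAMPLE_INHERITED), ("pinned", SAMPLE_PINNED)):
        print(name, audit(sample))
```

The check covers logger levels only; handler-level thresholds, which can also suppress DEBUG records, are not evaluated.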

Weakness Enumeration

Insertion into Log File

Related Identifiers

BDU:2020-02258
CVE-2019-10212
GHSA-8VH8-VC28-M2HF
OESA-2025-1257
RHSA-2019:2935
RHSA-2019:2936
RHSA-2019:2937

Affected Products

Undertow