Lucene search

RedhatCVE-2019-10212

HistoryOct 02, 2019 - 7:15 p.m.

CVE-2019-10212

2019-10-0219:15:11

CWE-532

redhat

web.nvd.nist.gov

155

cve-2019-10212

undertow

debug log

security

credential exposure

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.004

Percentile

73.9%

JSON

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user’s credentials from the log files.

Affected configurations

Nvd

Vulners

Node

redhatundertowRange<2.0.20

Node

redhatjboss_data_gridRange7.0.0–7.3

redhatjboss_data_gridMatch-text-only

redhatjboss_enterprise_application_platformMatch-text-only

redhatjboss_fuseRange7.0.0–7.4

redhatopenshift_application_runtimesMatch-text-only

redhatsingle_sign-onRange7.0–7.3

Node

netappactive_iq_unified_managerMatch-linux

netappactive_iq_unified_managerMatch-vmware_vsphere

netappactive_iq_unified_managerMatch-windows

Node

redhatjboss_enterprise_application_platformMatch7.2

redhatjboss_enterprise_application_platformMatch7.3

redhatjboss_enterprise_application_platformMatch7.4

AND

redhatenterprise_linuxMatch8.0

Node

redhatjboss_enterprise_application_platformMatch7.2

redhatjboss_enterprise_application_platformMatch7.3

redhatjboss_enterprise_application_platformMatch7.4

AND

redhatenterprise_linuxMatch7.0

Node

redhatjboss_enterprise_application_platformMatch7.2

redhatjboss_enterprise_application_platformMatch7.3

AND

redhatenterprise_linuxMatch6.0

VendorProductVersionCPE
redhatundertow*cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
redhatjboss_data_grid*cpe:2.3:a:redhat:jboss_data_grid:*:*:*:*:*:*:*:*
redhatjboss_data_grid-cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:*
redhatjboss_enterprise_application_platform-cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*
redhatjboss_fuse*cpe:2.3:a:redhat:jboss_fuse:*:*:*:*:*:*:*:*
redhatopenshift_application_runtimes-cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:text-only:*:*:*
redhatsingle_sign-on*cpe:2.3:a:redhat:single_sign-on:*:*:*:*:*:*:*:*
netappactive_iq_unified_manager-cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
netappactive_iq_unified_manager-cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
netappactive_iq_unified_manager-cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
redhat	undertow	*	cpe:2.3:a:redhat:undertow::::::::
redhat	jboss_data_grid	*	cpe:2.3:a:redhat:jboss_data_grid::::::::
redhat	jboss_data_grid	-	cpe:2.3:a:redhat:jboss_data_grid:-::::text-only:::
redhat	jboss_enterprise_application_platform	-	cpe:2.3:a:redhat:jboss_enterprise_application_platform:-::::text-only:::
redhat	jboss_fuse	*	cpe:2.3:a:redhat:jboss_fuse::::::::
redhat	openshift_application_runtimes	-	cpe:2.3:a:redhat:openshift_application_runtimes:-::::text-only:::
redhat	single_sign-on	*	cpe:2.3:a:redhat:single_sign-on::::::::
netapp	active_iq_unified_manager	-	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::linux::
netapp	active_iq_unified_manager	-	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
netapp	active_iq_unified_manager	-	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::

Rows per page:

1-10 of 161

CNA Affected

[
  {
    "product": "undertow",
    "vendor": "RedHat",
    "versions": [
      {
        "status": "affected",
        "version": "all under 2.0.20"
      }
    ]
  }
]