Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
f5F5F5:K73059510
HistoryMay 12, 2020 - 12:00 a.m.

K73059510 : Undertow vulnerabilities CVE-2019-10212 and CVE-2020-1745

2020-05-1200:00:00
my.f5.com
7

7.3 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.8%

JSON

Security Advisory Description

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user’s credentials from the log files.

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution.

Impact

There is no impact; F5 products are not affected by this vulnerability.

Related

osv 4
cvelist 2
debiancve 2
redhatcve 3
ubuntucve 2
symantec 1
veracode 2
prion 2
nvd 2
github 2
cve 2
redhat 25
nessus 12
photon 4
osv
osv
CVE-2019-10212
2019-10-02 19:15:11
Potential to access user credentials from the log files when debug logging enabled
2019-11-20 01:33:54
CVE-2020-1745
2020-04-28 15:15:13
cvelist
cvelist
CVE-2019-10212
2019-10-02 18:22:08
CVE-2020-1745
2020-04-28 00:00:00
debiancve
debiancve
CVE-2019-10212
2019-10-02 19:15:11
CVE-2020-1745
2020-04-28 15:15:13
redhatcve
redhatcve
CVE-2019-10212
2019-09-30 19:52:06
CVE-2020-1938
2020-02-24 06:10:47
CVE-2020-1745
2020-02-26 04:10:51
ubuntucve
ubuntucve
CVE-2019-10212
2019-10-02 00:00:00
CVE-2020-1745
2020-04-28 00:00:00
symantec
symantec
Redhat Undertow CVE-2019-10212 Information Disclosure Vulnerability
2019-09-30 00:00:00
veracode
veracode
Information Disclosure
2019-10-01 00:16:05
Directory Traversal
2020-03-13 00:44:21
prion
prion
Design/Logic Flaw
2019-10-02 19:15:00
Remote code execution
2020-04-28 15:15:00
nvd
nvd
CVE-2019-10212
2019-10-02 19:15:11
CVE-2020-1745
2020-04-28 15:15:13
github
github
Potential to access user credentials from the log files when debug logging enabled
2019-11-20 01:33:54
Improper Authorization in Undertoe
2022-05-24 17:16:46
cve
cve
CVE-2019-10212
2019-10-02 19:15:11
CVE-2020-1745
2020-04-28 15:15:13
redhat
redhat
(RHSA-2020:0813) Critical: Red Hat JBoss Enterprise Application Platform 7.2 security update
2020-03-12 17:07:42
(RHSA-2020:0812) Critical: Red Hat JBoss Enterprise Application Platform 7.2 security update
2020-03-12 17:01:06
(RHSA-2020:0952) Critical: Red Hat Single Sign-On 7.3.7 security update
2020-03-23 20:11:36
nessus
nessus
RHEL 6 / 7 / 8 : Red Hat JBoss Enterprise Application Platform 7.2 (RHSA-2020:0813)
2020-03-16 00:00:00
JFrog < 7.9.0 File Inclusion Vulnerability
2021-03-12 00:00:00
RHEL 6 / 7 / 8 : Red Hat JBoss Enterprise Application Platform 7.3 (RHSA-2020:0962)
2020-03-24 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2020-0285
2020-03-09 00:00:00
Critical Photon OS Security Update - PHSA-2020-0218
2020-03-09 00:00:00
Critical Photon OS Security Update - PHSA-2020-0069
2020-03-14 00:00:00

7.3 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.8%

JSON
Related for F5:K73059510
osv4cvelist2debiancve2redhatcve3ubuntucve2symantec1veracode2prion2nvd2github2cve2redhat25nessus12photon4