Lucene search
PRIOn knowledge basePRION:CVE-2017-12196HistoryApr 18, 2018 - 1:29 a.m.
Authorization
2018-04-1801:29:00
PRIOn knowledge base
www.prio-n.com
16
undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the desired content on the server.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jboss_enterprise_application_platform | eq | 7.0.0 | |
| jboss_fuse | eq | 6.0.0 | |
| undertow | le | 1.4.18 | |
| undertow | eq | 1.4.24 | |
| undertow | eq | 2.0.2 | |
| virtualization | eq | 4.0 |
References
access.redhat.com/errata/RHSA-2018:0478
access.redhat.com/errata/RHSA-2018:0479
access.redhat.com/errata/RHSA-2018:0480
access.redhat.com/errata/RHSA-2018:0481
access.redhat.com/errata/RHSA-2018:1525
access.redhat.com/errata/RHSA-2018:2405
access.redhat.com/errata/RHSA-2018:3768
bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12196
issues.jboss.org/browse/UNDERTOW-1190
Related
veracode
veracode
Information Disclosure Through Authorization Bypass
2018-03-16 02:36:22
cve
cve
CVE-2017-12196
2018-04-18 01:29:01
nvd
nvd
CVE-2017-12196
2018-04-18 01:29:01
osv
osv
Incorrect Authorization in Undertow
2022-05-13 01:38:10
CVE-2017-12196
2018-04-18 01:29:01
redhatcve
redhatcve
CVE-2017-12196
2020-04-04 17:12:27
debiancve
debiancve
CVE-2017-12196
2018-04-18 01:29:01
ubuntucve
ubuntucve
CVE-2017-12196
2018-04-18 00:00:00
github
github
Incorrect Authorization in Undertow
2022-05-13 01:38:10
cvelist
cvelist
CVE-2017-12196
2018-04-18 01:00:00
redhat
redhat
nessus
nessus
RHEL 6 : JBoss Enterprise Application Platform 7.1.1 on RHEL 6 (Important) (RHSA-2018:0479)
2018-03-14 00:00:00
RHEL 7 : rhvm-appliance (RHSA-2018:1525)
2018-05-18 00:00:00