Lucene search
Redhat.comRH:CVE-2022-31684HistoryNov 09, 2022 - 2:56 p.m.
CVE-2022-31684
2022-11-0914:56:28
redhat.com
access.redhat.com
52
reactor netty http server
request headers
invalid requests
attacker
privileged information
warn level logging
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
0.001 Low
EPSS
Percentile
30.4%
A flaw was found in the Reactor Netty HTTP Server, which may log request headers in some cases of invalid HTTP requests. This could allow an attacker to access privileged information when WARN level logging is enabled.
Related
osv
osv
Invalid HTTP requests in Reactor Netty HTTP Server may reveal access tokens
2022-10-20 12:00:17
CVE-2022-31684
2022-10-19 22:15:10
prion
prion
Cross site request forgery (csrf)
2022-10-19 22:15:00
github
github
Invalid HTTP requests in Reactor Netty HTTP Server may reveal access tokens
2022-10-20 12:00:17
spring
spring
CVE-2022-31684: Reactor Netty HTTP Server may log request headers
2022-10-20 12:45:00
This Week in Spring - October 25th, 2022
2022-10-24 07:00:00
nvd
nvd
CVE-2022-31684
2022-10-19 22:15:10
cve
cve
CVE-2022-31684
2022-10-19 22:15:10
veracode
veracode
Information Disclosure
2022-10-21 08:04:34
cvelist
cvelist
CVE-2022-31684
2022-10-19 00:00:00
ibm
ibm
redhat
redhat
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
0.001 Low
EPSS
Percentile
30.4%
Related for RH:CVE-2022-31684