Lucene search
Veracode Vulnerability DatabaseVERACODE:20541HistoryJun 13, 2019 - 6:24 a.m.
Information Disclosure
2019-06-1306:24:11
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
EPSS
0.02
Percentile
89.0%
Undertow Core is vulnerable to information disclosure. Confidential information such as HTTP Authentication for HttpServerExchange object at ERROR level are logged in plain text using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange) by Connectors.executeRootHandler:402.
References
www.securityfocus.com/bid/108739
access.redhat.com/errata/RHSA-2019:2439
access.redhat.com/errata/RHSA-2019:2998
access.redhat.com/errata/RHSA-2020:0727
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888
github.com/undertow-io/undertow/commit/9bf05b765e222dd106fee9b46314061b18b7275e
security.netapp.com/advisory/ntap-20220210-0019/
Related
debiancve
debiancve
CVE-2019-3888
2019-06-12 14:29:04
ubuntucve
ubuntucve
CVE-2019-3888
2019-06-12 00:00:00
osv
osv
CVE-2019-3888
2019-06-12 14:29:04
Credential exposure through log files in Undertow
2019-06-13 20:02:56
github
github
Credential exposure through log files in Undertow
2019-06-13 20:02:56
cve
cve
CVE-2019-3888
2019-06-12 14:29:04
redhatcve
redhatcve
CVE-2019-3888
2019-10-08 23:05:01
cvelist
cvelist
CVE-2019-3888
2019-06-12 13:45:20
prion
prion
Design/Logic Flaw
2019-06-12 14:29:00
nvd
nvd
CVE-2019-3888
2019-06-12 14:29:04
redhat
redhat
nessus
nessus
Red Hat JBoss Enterprise Application Platform 7.x < 7.2.2 Multiple Vulnerabilities
2019-12-19 00:00:00
RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.2.2 on RHEL 6 (RHSA-2019:1419)
2019-06-12 00:00:00
RHEL 7 : Virtualization Manager (RHSA-2019:2439)
2019-08-13 00:00:00