GHSA-cp7v-vmv7-6x2q

Опубликовано: 13 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 5.9

Описание

Incorrect Authorization in Undertow

Undertow before versions 1.4.18.SP1 (not findable in Maven), 2.0.2.Final, and 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the desired content on the server.

Ссылки

Пакеты

Наименование

io.undertow:undertow-core

maven

Затронутые версииВерсия исправления

>= 2.0.0.Alpha1, <= 2.0.1.Final

2.0.2.FInal

Наименование

io.undertow:undertow-core

maven

Затронутые версииВерсия исправления

<= 1.4.23.Final

1.4.24.Final

EPSS

Процентиль: 44%

0.00214

Низкий

5.9 Medium

CVSS3

CVE ID

CVE-2017-12196

Дефекты

CWE-863

Связанные уязвимости

CVE-2017-12196

CVSS3: 4.8

ubuntu

почти 8 лет назад

undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the desired content on the server.