Описание
Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.0.11 (включая) до 1.0.23 (включая)
cpe:2.3:a:pivotal:reactor_netty:*:*:*:*:*:*:*:*
EPSS
Процентиль: 58%
0.00366
Низкий
4.3 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-532
Связанные уязвимости
CVSS3: 4.3
redhat
больше 3 лет назад
Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled.
CVSS3: 4.3
github
больше 3 лет назад
Invalid HTTP requests in Reactor Netty HTTP Server may reveal access tokens
EPSS
Процентиль: 58%
0.00366
Низкий
4.3 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-532