CVE-2017-12196

Published: 12 Mar 2018
Source: redhat
CVSS3: 4.8

Description

Undertow before versions 1.4.18.SP1, 2.0.2.Final, and 1.4.24.Final was found vulnerable when using Digest authentication: the server does not ensure that the value of the URI in the Authorization header matches the URI in the HTTP request line. This allows the attacker to cause a MITM attack and access the desired content on the server.

It was discovered that when using Digest authentication, the server does not ensure that the value of the URI in the authorization header matches the URI in the HTTP request line. This allows the attacker to execute a MITM attack and access the desired content on the server.
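
The check described above, sketched as an added example (not Undertow's code and not part of the advisory). It assumes RFC 7616 Digest with MD5 and `qop=auth`; the user, realm, nonce, paths and password are constructed sample values, and `check_uri=False` models a server without the comparison.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def parse_digest(header):
    """Parse 'Digest k="v", ...' into a dict (simplified: no commas inside values)."""
    scheme, _, rest = header.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest Authorization header")
    params = {}
    for part in rest.split(","):
        key, _, value = part.strip().partition("=")
        params[key.lower()] = value.strip('"')
    return params

def expected_response(p, method, password):
    # RFC 7616, algorithm MD5 with qop=auth: the hash covers the uri value from
    # the header, not the request line, so it cannot detect a mismatch by itself.
    ha1 = md5_hex(f"{p['username']}:{p['realm']}:{password}")
    ha2 = md5_hex(f"{method}:{p['uri']}")
    return md5_hex(f"{ha1}:{p['nonce']}:{p['nc']}:{p['cnonce']}:{p['qop']}:{ha2}")

def verify(method, request_target, header, password, check_uri=True):
    """Return 200 (accepted), 400 (uri mismatch) or 401 (bad response)."""
    p = parse_digest(header)
    # The missing check: the header's uri must name the requested resource.
    # Exact string comparison is a simplification; a server normalizes both first.
    if check_uri and p["uri"] != request_target:
        return 400
    if not hmac.compare_digest(p["response"], expected_response(p, method, password)):
        return 401
    return 200

def sample_header(method, uri, password):
    """Constructed client header for user 'alice' (all values are sample data)."""
    p = {"username": "alice", "realm": "demo", "nonce": "n0nce", "uri": uri,
         "qop": "auth", "nc": "00000001", "cnonce": "c0ffee"}
    p["response"] = expected_response(p, method, password)
    return "Digest " + ", ".join(f'{k}="{v}"' for k, v in p.items())

if __name__ == "__main__":
    hdr = sample_header("GET", "/public/index.html", "s3cret")
    print(verify("GET", "/public/index.html", hdr, "s3cret"))              # matching URI
    print(verify("GET", "/admin/config", hdr, "s3cret"))                   # check enabled
    print(verify("GET", "/admin/config", hdr, "s3cret", check_uri=False))  # check absent
```

With the comparison in place the mismatched request is rejected with 400 before the response hash is even evaluated; without it, the hash alone still validates because it was computed over the header's own `uri`.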

Affected packages

| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat JBoss Fuse 6 | camel | Will not fix | | |
| Red Hat JBoss Fuse Integration Service 2 | undertow | Affected | | |
| Red Hat Single Sign-On 7 | undertow | Not affected | | |
| Red Hat Fuse 7.2 | | Fixed | RHSA-2018:3768 | 04.12.2018 |
| Red Hat Fuse Integration Services 2.0 based on Fuse 6.3 R7 | undertow | Fixed | RHSA-2018:2405 | 14.08.2018 |
| Red Hat JBoss EAP 7 | undertow | Fixed | RHSA-2018:0478 | 12.03.2018 |
| Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 | eap7-activemq-artemis | Fixed | RHSA-2018:0479 | 12.03.2018 |
| Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 | eap7-apache-cxf | Fixed | RHSA-2018:0479 | 12.03.2018 |
| Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 | eap7-glassfish-jsf | Fixed | RHSA-2018:0479 | 12.03.2018 |
| Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 | eap7-hibernate | Fixed | RHSA-2018:0479 | 12.03.2018 |

Additional information

Status: Moderate
Defect: CWE-287
https://bugzilla.redhat.com/show_bug.cgi?id=1503055 undertow: Client can use bogus uri in Digest authentication

4.8 Medium

CVSS3

Related vulnerabilities

CVSS3: 4.8
ubuntu
almost 8 years ago

CVSS3: 4.8
nvd
almost 8 years ago

CVSS3: 4.8
debian
almost 8 years ago

undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was fou ...

CVSS3: 5.9
github
more than 3 years ago

Incorrect Authorization in Undertow