Description
A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Red Hat | undertow | affected |
|
Configuration 1 [-]
|
Configuration 2 [-]
| AND |
|
Configuration 3 [-]
|
Configuration 4 [-]
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat Data Grid 7.3.3 | |||
| undertow | cpe:/a:redhat:jboss_data_grid:7.3 | RHSA-2020:0727 | 2020-03-05T00:00:00Z |
| Red Hat Fuse 7.6.0 | |||
| undertow | cpe:/a:redhat:jboss_fuse:7 | RHSA-2020:0983 | 2020-03-26T00:00:00Z |
| Red Hat JBoss EAP 7.2 | |||
| cpe:/a:redhat:jboss_enterprise_application_platform:7.2 | RHSA-2019:1424 | 2019-06-10T00:00:00Z | |
| Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 | |||
| eap7-apache-commons-codec-0:1.11.0-2.redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
| eap7-apache-cxf-0:3.2.7-2.redhat_00002.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
| eap7-hal-console-0:3.0.11-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
| eap7-hibernate-0:5.3.10-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
| eap7-hornetq-0:2.4.7-7.Final_redhat_2.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
| eap7-ironjacamar-0:1.4.16-2.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
| eap7-javassist-0:3.23.2-2.GA_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
| eap7-jboss-ejb-client-0:4.0.18-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
| eap7-jboss-marshalling-0:2.0.7-2.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
| eap7-jboss-modules-0:1.8.8-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
| eap7-jboss-openjdk-orb-0:8.1.3-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
| eap7-jboss-remoting-0:5.0.9-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
| eap7-jboss-server-migration-0:1.3.1-2.Final_redhat_00002.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
| eap7-jboss-xnio-base-0:3.6.6-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
| eap7-jgroups-0:4.0.19-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
| eap7-picketlink-bindings-0:2.5.5-17.SP12_redhat_00005.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
| eap7-picketlink-federation-0:2.5.5-17.SP12_redhat_00005.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
| eap7-resteasy-0:3.6.1-5.SP5_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
| eap7-undertow-0:2.0.20-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
| eap7-weld-core-0:3.0.6-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
| eap7-wildfly-0:7.2.2-2.GA_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
| eap7-wildfly-common-0:1.5.1-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
| eap7-wildfly-discovery-0:1.1.2-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
| eap7-wildfly-http-client-0:1.0.15-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
| eap7-wildfly-naming-client-0:1.0.10-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:1419 | 2019-06-10T00:00:00Z |
| Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 | |||
| eap7-apache-commons-codec-0:1.11.0-2.redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
| eap7-apache-cxf-0:3.2.7-2.redhat_00002.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
| eap7-hal-console-0:3.0.11-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
| eap7-hibernate-0:5.3.10-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
| eap7-hornetq-0:2.4.7-7.Final_redhat_2.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
| eap7-ironjacamar-0:1.4.16-2.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
| eap7-javassist-0:3.23.2-2.GA_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
| eap7-jboss-ejb-client-0:4.0.18-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
| eap7-jboss-marshalling-0:2.0.7-2.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
| eap7-jboss-modules-0:1.8.8-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
| eap7-jboss-openjdk-orb-0:8.1.3-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
| eap7-jboss-remoting-0:5.0.9-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
| eap7-jboss-server-migration-0:1.3.1-2.Final_redhat_00002.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
| eap7-jboss-xnio-base-0:3.6.6-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
| eap7-jgroups-0:4.0.19-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
| eap7-picketlink-bindings-0:2.5.5-17.SP12_redhat_00005.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
| eap7-picketlink-federation-0:2.5.5-17.SP12_redhat_00005.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
| eap7-resteasy-0:3.6.1-5.SP5_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
| eap7-undertow-0:2.0.20-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
| eap7-weld-core-0:3.0.6-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
| eap7-wildfly-0:7.2.2-2.GA_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
| eap7-wildfly-common-0:1.5.1-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
| eap7-wildfly-discovery-0:1.1.2-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
| eap7-wildfly-http-client-0:1.0.15-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
| eap7-wildfly-naming-client-0:1.0.10-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:1420 | 2019-06-10T00:00:00Z |
| Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 | |||
| eap7-apache-commons-codec-0:1.11.0-2.redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
| eap7-apache-cxf-0:3.2.7-2.redhat_00002.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
| eap7-hal-console-0:3.0.11-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
| eap7-hibernate-0:5.3.10-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
| eap7-hornetq-0:2.4.7-7.Final_redhat_2.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
| eap7-ironjacamar-0:1.4.16-2.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
| eap7-javassist-0:3.23.2-2.GA_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
| eap7-jboss-ejb-client-0:4.0.18-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
| eap7-jboss-marshalling-0:2.0.7-2.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
| eap7-jboss-modules-0:1.8.8-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
| eap7-jboss-openjdk-orb-0:8.1.3-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
| eap7-jboss-remoting-0:5.0.9-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
| eap7-jboss-server-migration-0:1.3.1-2.Final_redhat_00002.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
| eap7-jboss-xnio-base-0:3.6.6-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
| eap7-jgroups-0:4.0.19-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
| eap7-picketlink-bindings-0:2.5.5-17.SP12_redhat_00005.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
| eap7-picketlink-federation-0:2.5.5-17.SP12_redhat_00005.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
| eap7-resteasy-0:3.6.1-5.SP5_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
| eap7-undertow-0:2.0.20-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
| eap7-weld-core-0:3.0.6-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
| eap7-wildfly-0:7.2.2-2.GA_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
| eap7-wildfly-common-0:1.5.1-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
| eap7-wildfly-discovery-0:1.1.2-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
| eap7-wildfly-http-client-0:1.0.15-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
| eap7-wildfly-naming-client-0:1.0.10-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:1421 | 2019-06-10T00:00:00Z |
| Red Hat Single Sign-On 7.3.2 zip | |||
| undertow | cpe:/a:redhat:jboss_single_sign_on:7.3 | RHSA-2019:1456 | 2019-06-11T00:00:00Z |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | |||
| rhvm-appliance-0:4.3-20190722.0.el7 | cpe:/o:redhat:enterprise_linux:7::hypervisor | RHSA-2019:2439 | 2019-08-12T00:00:00Z |
| Text-Only RHOAR | |||
| cpe:/a:redhat:openshift_application_runtimes:1.0 | RHSA-2019:2998 | 2019-10-10T00:00:00Z | |
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2019-0546 | A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange) |
 Github GHSA |
GHSA-jwgx-9mmh-684w | Credential exposure through log files in Undertow |
References
History
No history.
Subscriptions
Netapp
Subscribe
Active Iq Unified Manager
Subscribe
Redhat
Subscribe
Enterprise Linux
Subscribe
Jboss Data Grid
Subscribe
Jboss Enterprise Application Platform
Subscribe
Jboss Fuse
Subscribe
Jboss Single Sign On
Subscribe
Openshift Application Runtimes
Subscribe
Undertow
Subscribe
Virtualization
Subscribe
Virtualization Host
Subscribe
MITRE
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-04T19:19:18.684Z
Reserved: 2019-01-03T00:00:00.000Z
Link: CVE-2019-3888
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-06-12T14:29:04.790
Modified: 2024-11-21T04:42:48.223
Link: CVE-2019-3888
Redhat
OpenCVE Enrichment
No data.
Weaknesses