| |
Vulnerability CVE-2019-10212
Published: 2019-10-02
| Description: |
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files. |
Type:
CWE-532 (Information Exposure Through Log Files)
CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
4.3/10 |
2.9/10 |
8.6/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Medium |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
None |
None |
References: |
https://access.redhat.com/errata/RHSA-2019:2998
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
