CVE-2019-3888

Published: Jun 12, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)

Affected (8)

Products: Redhat: Undertow, Virtualization, Virtualization Host, Jboss Data Grid, Openshift Application Runtimes · Netapp: Active Iq Unified Manager

5 products

Virtualization Host

Jboss Data Grid

Openshift Application Runtimes

1 product

Active Iq Unified Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Undertow	Before 2.0.21

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Redhat Virtualization	Version 4.0
Redhat Virtualization Host	Version 4.0

Running on/with	Platform Versions
Redhat Enterprise Linux	Version 7.0

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Jboss Data Grid	All versions
Redhat Openshift Application Runtimes	All versions

Configuration D

3 vulnerable

Vulnerable Software	Affected Versions
Netapp Active Iq Unified Manager	All versions
Netapp Active Iq Unified Manager	All versions
Netapp Active Iq Unified Manager	All versions

Related CWEs

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (12)

http://www.securityfocus.com/bid/108739

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2019:2439

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2019:2998

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2020:0727

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://security.netapp.com/advisory/ntap-20220210-0019/

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/bid/108739

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2019:2439

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://access.redhat.com/errata/RHSA-2019:2998

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://access.redhat.com/errata/RHSA-2020:0727

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

https://security.netapp.com/advisory/ntap-20220210-0019/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.