CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2019-3888

CVSS 9.8v3.1pub. 2019-06-12upd. 2024-11-21

A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Netapp Active Iq Unified Manager

    APP
    Netapp
    wszystkie wersje
  • Red Hat Enterprise Linux

    OS
    Redhat
    7.0
  • Red Hat Jboss Data Grid

    APP
    Redhat
    wszystkie wersje
  • Red Hat Openshift Application Runtimes

    APP
    Redhat
    wszystkie wersje
  • Red Hat Undertow

    APP
    Redhat
    < 2.0.21
  • Red Hat Virtualization

    APP
    Redhat
    4.0
  • Red Hat Virtualization Host

    APP
    Redhat
    4.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2021-44228CRITICAL10.0⚠ KEVten sam produkt

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...

CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...

CVE-2018-14667CRITICAL9.8⚠ KEVten sam produkt

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserReso...

CVE-2014-7169CRITICAL9.8⚠ KEVten sam produkt

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the...