A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HInfinispan Server Rest
APPInfinispan10.0.0 – 11.0.12 (bez)12.0.0 – 12.1.4 (bez)Red Hat Data Grid
APPRedhat8.0.08.0.18.1.08.1.1
Related vulnerabilities
Brak walidacji nagłówka Host w serwerze Undertow HTTP
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV)...
A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header...
A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted reque...
A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with o...