Executive Summary

Information
Name : CVE-2019-3888
First vendor Publication : 2019-06-12
Vendor : Cve
Last vendor Modification : 2019-07-05

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score : 5
Attack Range : Network
Cvss Impact Score : 2.9
Attack Complexity : Low
Cvss Exploit Score : 10
Authentication : None Required

Detail

A vulnerability was found in Undertow web server before 2.0.21. Plain text credentials are exposed through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange).

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3888

CWE : Common Weakness Enumeration

%      id       Name
100 %  CWE-255  Credentials Management

CPE : Common Platform Enumeration

Type         Description  Count
Application               222
Os                        1

Sources (Detail)

Source  Url
BID http://www.securityfocus.com/bid/108739
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888
REDHAT https://access.redhat.com/errata/RHSA-2019:2439

Alert History

Date  Information
2019-08-13 12:07:25
  • Multiple Updates
2019-07-06 00:19:25
  • Multiple Updates
2019-06-14 21:19:44
  • Multiple Updates
2019-06-12 21:19:23
  • First insertion