CVE-2019-3888

Summary

A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)

Affected Software

VendorProductVersion RangeStatus
Red Hatundertow2.0.21affected

Weaknesses

  • CWE-532: CWE-532

ADP Enrichment

CVE Program Container

Additional References

References