Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.9
CVSSv3

CVE-2017-12196

Published: 18/04/2018 Updated: 09/10/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Redhat

Vulnerability Summary

undertow prior to 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the malicious user to cause a MITM attack and access the desired content on the server.

Vulnerable Product Search on Vulmon Subscribe to Product

redhat undertow

redhat undertow 1.4.24

redhat undertow 2.0.2

redhat jboss fuse 6.0.0

redhat jboss enterprise application platform 7.0.0

redhat virtualization 4.0

Vendor Advisories

Debian CVElist Bug Report Logs: undertow: CVE-2018-1114: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service
Debian Bug report logs - #897247 undertow: CVE-2018-1114: File descriptor leak caused by JarURLConnectiongetLastModified() allows attacker to cause a denial of service Package: src:undertow; Maintainer for src:undertow is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccors ...
Red Hat: Important: Red Hat Fuse 7.2 security update
Synopsis Important: Red Hat Fuse 72 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat FuseRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a de ...
Red Hat: Critical: EAP Continuous Delivery Technical Preview Release 12 security update
Synopsis Critical: EAP Continuous Delivery Technical Preview Release 12 security update Type/Severity Security Advisory: Critical Topic This is a security update for JBoss EAP Continuous Delivery 120Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerabil ...
Red Hat: Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R7 security and bug fix update
Synopsis Critical: Red Hat FIS 20 on Fuse 630 R7 security and bug fix update Type/Severity Security Advisory: Critical Topic An update is now available for Red Hat Fuse Integration ServicesRed Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scor ...
Red Hat: Important: jboss-ec2-eap package for EAP 7.1.1
Synopsis Important: jboss-ec2-eap package for EAP 711 Type/Severity Security Advisory: Important Topic An update for eap7-jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 711 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Application Platform 711 for Red Ha ...
Red Hat: Important: JBoss Enterprise Application Platform 7.1.1 on RHEL 6
Synopsis Important: JBoss Enterprise Application Platform 711 on RHEL 6 Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 71 for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impac ...
Red Hat: Important: JBoss Enterprise Application Platform 7.1.1 for RHEL 7
Synopsis Important: JBoss Enterprise Application Platform 711 for RHEL 7 Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 71 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impa ...
Red Hat: Important: rhvm-appliance security and enhancement update
Synopsis Important: rhvm-appliance security and enhancement update Type/Severity Security Advisory: Important Topic An update for rhvm-appliance is now available for Red Hat Virtualization 4 for RHEL-7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerab ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.1.1 security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 711 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application PlatformRed Hat Product Security has rated this update as having a security impact of Important A Com ...
Red Hat: Important: EAP Continuous Delivery Technical Preview Release 13 security update
Synopsis Important: EAP Continuous Delivery Technical Preview Release 13 security update Type/Severity Security Advisory: Important Topic This is a security update for JBoss EAP Continuous Delivery 130Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnera ...
Red Hat: CVE-2017-12196
It was discovered that when using Digest authentication, the server does not ensure that the value of the URI in the authorization header matches the URI in the HTTP request line This allows the attacker to execute a MITM attack and access the desired content on the server ...

References

CWE-863https://issues.jboss.org/browse/UNDERTOW-1190https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12196https://access.redhat.com/errata/RHSA-2018:0481https://access.redhat.com/errata/RHSA-2018:0480https://access.redhat.com/errata/RHSA-2018:0479https://access.redhat.com/errata/RHSA-2018:0478https://access.redhat.com/errata/RHSA-2018:1525https://access.redhat.com/errata/RHSA-2018:2405https://access.redhat.com/errata/RHSA-2018:3768https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897247https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2017-12196
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
brute forceCVE-2024-24908open redirectCVE-2024-31497CVE-2023-45866CVE-2024-4135CVE-2024-25523cache poisoningCVE-2024-4649
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook