Title: CX: CVE-2019-3888 in Maven-io.undertow:undertow-core and 2.0.9.Final @ JavaVulnerableLab.refs/heads/master · Issue #35 · CxMichaelF/JavaVulnerableLab · GitHub
Open Graph Title: CX: CVE-2019-3888 in Maven-io.undertow:undertow-core and 2.0.9.Final @ JavaVulnerableLab.refs/heads/master · Issue #35 · CxMichaelF/JavaVulnerableLab
X Title: CX: CVE-2019-3888 in Maven-io.undertow:undertow-core and 2.0.9.Final @ JavaVulnerableLab.refs/heads/master · Issue #35 · CxMichaelF/JavaVulnerableLab
Description: Description A vulnerability was found in Undertow web server up to 1.0.0.Alpha19, between 1.3.0.Beta9 to 1.3.0.Beta13, 1.3.0.CR.x, between 1.3.0.Final to 1.4.27.Final and 2.0.x before 2.0.20.Final. An information exposure of plain text c...
Open Graph Description: Description A vulnerability was found in Undertow web server up to 1.0.0.Alpha19, between 1.3.0.Beta9 to 1.3.0.Beta13, 1.3.0.CR.x, between 1.3.0.Final to 1.4.27.Final and 2.0.x before 2.0.20.Final....
X Description: Description A vulnerability was found in Undertow web server up to 1.0.0.Alpha19, between 1.3.0.Beta9 to 1.3.0.Beta13, 1.3.0.CR.x, between 1.3.0.Final to 1.4.27.Final and 2.0.x before 2.0.20.Final....
Opengraph URL: https://github.com/CxMichaelF/JavaVulnerableLab/issues/35
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"CX: CVE-2019-3888 in Maven-io.undertow:undertow-core and 2.0.9.Final @ JavaVulnerableLab.refs/heads/master","articleBody":"**Description**\r\n\r\nA vulnerability was found in Undertow web server up to 1.0.0.Alpha19, between 1.3.0.Beta9 to 1.3.0.Beta13, 1.3.0.CR.x, between 1.3.0.Final to 1.4.27.Final and 2.0.x before 2.0.20.Final. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)\r\n\r\n**HIGH Vulnerable Package** issue exists @ **io.undertow:undertow-core** in branch **refs/heads/master**\r\n\r\n**Vulnerability ID:** CVE-2019-3888\r\n\r\n**Package Name:** io.undertow:undertow-core\r\n\r\n**Severity:** HIGH\r\n\r\n**CVSS Score:** 9.8\r\n\r\n**Publish Date:** 2019-06-12T14:29:00\r\n\r\n**Current Package Version:** 2.0.9.Final\r\n\r\n**Remediation Upgrade Recommendation:** 2.0.35.Final\r\n\r\n[Link To SCA](https://sca.scacheckmarx.com/#/projects/43c66723-1c23-4989-9e51-bfa32766271e/reports/e3c3068d-3289-466b-aa0f-b9c2cf00b4ea/vulnerabilities/CVE-2019-3888%3AMaven-io.undertow%3Aundertow-core-2.0.9.Final/vulnerabilityDetails/vulnerabilities/CVE-2019-3888%3AMaven-io.undertow%3Aundertow-core-2.0.9.Final/vulnerabilityDetails)\r\n\r\n[Reference – NVD link](https://nvd.nist.gov/vuln/detail/CVE-2019-3888)\r\n\r\n","author":{"url":"https://github.com/github-actions[bot]","@type":"Person","name":"github-actions[bot]"},"datePublished":"2021-08-11T16:45:39.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":25},"url":"https://github.com/35/JavaVulnerableLab/issues/35"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:f16cae2e-1a69-627f-4754-3a55694328a9 |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | DC6E:3CF134:23CBBC:427171:6A5C97A4 |
| html-safe-nonce | d678ea04a503d85f1e1d080c63652811a6b98ba5098dff2fd053191046a9dcd7 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJEQzZFOjNDRjEzNDoyM0NCQkM6NDI3MTcxOjZBNUM5N0E0IiwidmlzaXRvcl9pZCI6IjQ2ODU0MjQ4OTYzNzc2NTcyNTIiLCJyZWdpb25fZWRnZSI6Indlc3R1czIiLCJyZWdpb25fcmVuZGVyIjoid2VzdHVzMiJ9 |
| visitor-hmac | 28e4f0f2244eb914081f642d1e3ee321b4c5b16d524ab70faf918e8fc1563ad9 |
| hovercard-subject-tag | issue:967060301 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/CxMichaelF/JavaVulnerableLab/35/issue_layout |
| twitter:image | https://opengraph.githubassets.com/a7cd9605b7b6b537e36019782f8f408f6ba59b09fb323f5a4dad97734cb970ff/CxMichaelF/JavaVulnerableLab/issues/35 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/a7cd9605b7b6b537e36019782f8f408f6ba59b09fb323f5a4dad97734cb970ff/CxMichaelF/JavaVulnerableLab/issues/35 |
| og:image:alt | Description A vulnerability was found in Undertow web server up to 1.0.0.Alpha19, between 1.3.0.Beta9 to 1.3.0.Beta13, 1.3.0.CR.x, between 1.3.0.Final to 1.4.27.Final and 2.0.x before 2.0.20.Final.... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | github-actions[bot] |
| hostname | github.com |
| expected-hostname | github.com |
| None | 5290d7e14309ad1e76106a9c4237bd1041517e83ea182c8ab756752cb0c6940b |
| turbo-cache-control | no-preview |
| go-import | github.com/CxMichaelF/JavaVulnerableLab git https://github.com/CxMichaelF/JavaVulnerableLab.git |
| octolytics-dimension-user_id | 86857662 |
| octolytics-dimension-user_login | CxMichaelF |
| octolytics-dimension-repository_id | 395046070 |
| octolytics-dimension-repository_nwo | CxMichaelF/JavaVulnerableLab |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | true |
| octolytics-dimension-repository_parent_id | 301707927 |
| octolytics-dimension-repository_parent_nwo | cx-maty-siman/JavaVulnerableLab |
| octolytics-dimension-repository_network_root_id | 301707927 |
| octolytics-dimension-repository_network_root_nwo | cx-maty-siman/JavaVulnerableLab |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 9c975978430e9ad293956f2bbdaf153b1bd84a99 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width