First published: Thu Mar 28 2019
A vulnerability was found in Undertow web server before 2.0.21. Plain-text credentials can be exposed through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange).
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/eap7-apache-commons-codec | <0:1.11.0-2.redhat_00001.1.el6ea | 0:1.11.0-2.redhat_00001.1.el6ea |
redhat/eap7-apache-cxf | <0:3.2.7-2.redhat_00002.1.el6ea | 0:3.2.7-2.redhat_00002.1.el6ea |
redhat/eap7-hal-console | <0:3.0.11-1.Final_redhat_00001.1.el6ea | 0:3.0.11-1.Final_redhat_00001.1.el6ea |
redhat/eap7-hibernate | <0:5.3.10-1.Final_redhat_00001.1.el6ea | 0:5.3.10-1.Final_redhat_00001.1.el6ea |
redhat/eap7-hornetq | <0:2.4.7-7.Final_redhat_2.1.el6ea | 0:2.4.7-7.Final_redhat_2.1.el6ea |
redhat/eap7-ironjacamar | <0:1.4.16-2.Final_redhat_00001.1.el6ea | 0:1.4.16-2.Final_redhat_00001.1.el6ea |
redhat/eap7-javassist | <0:3.23.2-2.GA_redhat_00001.1.el6ea | 0:3.23.2-2.GA_redhat_00001.1.el6ea |
redhat/eap7-jboss-ejb-client | <0:4.0.18-1.Final_redhat_00001.1.el6ea | 0:4.0.18-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-marshalling | <0:2.0.7-2.Final_redhat_00001.1.el6ea | 0:2.0.7-2.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-modules | <0:1.8.8-1.Final_redhat_00001.1.el6ea | 0:1.8.8-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-openjdk-orb | <0:8.1.3-1.Final_redhat_00001.1.el6ea | 0:8.1.3-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-remoting | <0:5.0.9-1.Final_redhat_00001.1.el6ea | 0:5.0.9-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-server-migration | <0:1.3.1-2.Final_redhat_00002.1.el6ea | 0:1.3.1-2.Final_redhat_00002.1.el6ea |
redhat/eap7-jboss-xnio-base | <0:3.6.6-1.Final_redhat_00001.1.el6ea | 0:3.6.6-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jgroups | <0:4.0.19-1.Final_redhat_00001.1.el6ea | 0:4.0.19-1.Final_redhat_00001.1.el6ea |
redhat/eap7-picketlink-bindings | <0:2.5.5-17.SP12_redhat_00005.1.el6ea | 0:2.5.5-17.SP12_redhat_00005.1.el6ea |
redhat/eap7-picketlink-federation | <0:2.5.5-17.SP12_redhat_00005.1.el6ea | 0:2.5.5-17.SP12_redhat_00005.1.el6ea |
redhat/eap7-resteasy | <0:3.6.1-5.SP5_redhat_00001.1.el6ea | 0:3.6.1-5.SP5_redhat_00001.1.el6ea |
redhat/eap7-undertow | <0:2.0.20-1.Final_redhat_00001.1.el6ea | 0:2.0.20-1.Final_redhat_00001.1.el6ea |
redhat/eap7-weld-core | <0:3.0.6-1.Final_redhat_00001.1.el6ea | 0:3.0.6-1.Final_redhat_00001.1.el6ea |
redhat/eap7-wildfly | <0:7.2.2-2.GA_redhat_00001.1.el6ea | 0:7.2.2-2.GA_redhat_00001.1.el6ea |
redhat/eap7-wildfly-common | <0:1.5.1-1.Final_redhat_00001.1.el6ea | 0:1.5.1-1.Final_redhat_00001.1.el6ea |
redhat/eap7-wildfly-discovery | <0:1.1.2-1.Final_redhat_00001.1.el6ea | 0:1.1.2-1.Final_redhat_00001.1.el6ea |
redhat/eap7-wildfly-http-client | <0:1.0.15-1.Final_redhat_00001.1.el6ea | 0:1.0.15-1.Final_redhat_00001.1.el6ea |
redhat/eap7-wildfly-naming-client | <0:1.0.10-1.Final_redhat_00001.1.el6ea | 0:1.0.10-1.Final_redhat_00001.1.el6ea |
redhat/eap7-apache-commons-codec | <0:1.11.0-2.redhat_00001.1.el7ea | 0:1.11.0-2.redhat_00001.1.el7ea |
redhat/eap7-apache-cxf | <0:3.2.7-2.redhat_00002.1.el7ea | 0:3.2.7-2.redhat_00002.1.el7ea |
redhat/eap7-hal-console | <0:3.0.11-1.Final_redhat_00001.1.el7ea | 0:3.0.11-1.Final_redhat_00001.1.el7ea |
redhat/eap7-hibernate | <0:5.3.10-1.Final_redhat_00001.1.el7ea | 0:5.3.10-1.Final_redhat_00001.1.el7ea |
redhat/eap7-hornetq | <0:2.4.7-7.Final_redhat_2.1.el7ea | 0:2.4.7-7.Final_redhat_2.1.el7ea |
redhat/eap7-ironjacamar | <0:1.4.16-2.Final_redhat_00001.1.el7ea | 0:1.4.16-2.Final_redhat_00001.1.el7ea |
redhat/eap7-javassist | <0:3.23.2-2.GA_redhat_00001.1.el7ea | 0:3.23.2-2.GA_redhat_00001.1.el7ea |
redhat/eap7-jboss-ejb-client | <0:4.0.18-1.Final_redhat_00001.1.el7ea | 0:4.0.18-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-marshalling | <0:2.0.7-2.Final_redhat_00001.1.el7ea | 0:2.0.7-2.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-modules | <0:1.8.8-1.Final_redhat_00001.1.el7ea | 0:1.8.8-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-openjdk-orb | <0:8.1.3-1.Final_redhat_00001.1.el7ea | 0:8.1.3-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-remoting | <0:5.0.9-1.Final_redhat_00001.1.el7ea | 0:5.0.9-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-server-migration | <0:1.3.1-2.Final_redhat_00002.1.el7ea | 0:1.3.1-2.Final_redhat_00002.1.el7ea |
redhat/eap7-jboss-xnio-base | <0:3.6.6-1.Final_redhat_00001.1.el7ea | 0:3.6.6-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jgroups | <0:4.0.19-1.Final_redhat_00001.1.el7ea | 0:4.0.19-1.Final_redhat_00001.1.el7ea |
redhat/eap7-picketlink-bindings | <0:2.5.5-17.SP12_redhat_00005.1.el7ea | 0:2.5.5-17.SP12_redhat_00005.1.el7ea |
redhat/eap7-picketlink-federation | <0:2.5.5-17.SP12_redhat_00005.1.el7ea | 0:2.5.5-17.SP12_redhat_00005.1.el7ea |
redhat/eap7-resteasy | <0:3.6.1-5.SP5_redhat_00001.1.el7ea | 0:3.6.1-5.SP5_redhat_00001.1.el7ea |
redhat/eap7-undertow | <0:2.0.20-1.Final_redhat_00001.1.el7ea | 0:2.0.20-1.Final_redhat_00001.1.el7ea |
redhat/eap7-weld-core | <0:3.0.6-1.Final_redhat_00001.1.el7ea | 0:3.0.6-1.Final_redhat_00001.1.el7ea |
redhat/eap7-wildfly | <0:7.2.2-2.GA_redhat_00001.1.el7ea | 0:7.2.2-2.GA_redhat_00001.1.el7ea |
redhat/eap7-wildfly-common | <0:1.5.1-1.Final_redhat_00001.1.el7ea | 0:1.5.1-1.Final_redhat_00001.1.el7ea |
redhat/eap7-wildfly-discovery | <0:1.1.2-1.Final_redhat_00001.1.el7ea | 0:1.1.2-1.Final_redhat_00001.1.el7ea |
redhat/eap7-wildfly-http-client | <0:1.0.15-1.Final_redhat_00001.1.el7ea | 0:1.0.15-1.Final_redhat_00001.1.el7ea |
redhat/eap7-wildfly-naming-client | <0:1.0.10-1.Final_redhat_00001.1.el7ea | 0:1.0.10-1.Final_redhat_00001.1.el7ea |
redhat/eap7-apache-commons-codec | <0:1.11.0-2.redhat_00001.1.el8ea | 0:1.11.0-2.redhat_00001.1.el8ea |
redhat/eap7-apache-cxf | <0:3.2.7-2.redhat_00002.1.el8ea | 0:3.2.7-2.redhat_00002.1.el8ea |
redhat/eap7-hal-console | <0:3.0.11-1.Final_redhat_00001.1.el8ea | 0:3.0.11-1.Final_redhat_00001.1.el8ea |
redhat/eap7-hibernate | <0:5.3.10-1.Final_redhat_00001.1.el8ea | 0:5.3.10-1.Final_redhat_00001.1.el8ea |
redhat/eap7-hornetq | <0:2.4.7-7.Final_redhat_2.1.el8ea | 0:2.4.7-7.Final_redhat_2.1.el8ea |
redhat/eap7-ironjacamar | <0:1.4.16-2.Final_redhat_00001.1.el8ea | 0:1.4.16-2.Final_redhat_00001.1.el8ea |
redhat/eap7-javassist | <0:3.23.2-2.GA_redhat_00001.1.el8ea | 0:3.23.2-2.GA_redhat_00001.1.el8ea |
redhat/eap7-jboss-ejb-client | <0:4.0.18-1.Final_redhat_00001.1.el8ea | 0:4.0.18-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-marshalling | <0:2.0.7-2.Final_redhat_00001.1.el8ea | 0:2.0.7-2.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-modules | <0:1.8.8-1.Final_redhat_00001.1.el8ea | 0:1.8.8-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-openjdk-orb | <0:8.1.3-1.Final_redhat_00001.1.el8ea | 0:8.1.3-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-remoting | <0:5.0.9-1.Final_redhat_00001.1.el8ea | 0:5.0.9-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-server-migration | <0:1.3.1-2.Final_redhat_00002.1.el8ea | 0:1.3.1-2.Final_redhat_00002.1.el8ea |
redhat/eap7-jboss-xnio-base | <0:3.6.6-1.Final_redhat_00001.1.el8ea | 0:3.6.6-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jgroups | <0:4.0.19-1.Final_redhat_00001.1.el8ea | 0:4.0.19-1.Final_redhat_00001.1.el8ea |
redhat/eap7-picketlink-bindings | <0:2.5.5-17.SP12_redhat_00005.1.el8ea | 0:2.5.5-17.SP12_redhat_00005.1.el8ea |
redhat/eap7-picketlink-federation | <0:2.5.5-17.SP12_redhat_00005.1.el8ea | 0:2.5.5-17.SP12_redhat_00005.1.el8ea |
redhat/eap7-resteasy | <0:3.6.1-5.SP5_redhat_00001.1.el8ea | 0:3.6.1-5.SP5_redhat_00001.1.el8ea |
redhat/eap7-undertow | <0:2.0.20-1.Final_redhat_00001.1.el8ea | 0:2.0.20-1.Final_redhat_00001.1.el8ea |
redhat/eap7-weld-core | <0:3.0.6-1.Final_redhat_00001.1.el8ea | 0:3.0.6-1.Final_redhat_00001.1.el8ea |
redhat/eap7-wildfly | <0:7.2.2-2.GA_redhat_00001.1.el8ea | 0:7.2.2-2.GA_redhat_00001.1.el8ea |
redhat/eap7-wildfly-common | <0:1.5.1-1.Final_redhat_00001.1.el8ea | 0:1.5.1-1.Final_redhat_00001.1.el8ea |
redhat/eap7-wildfly-discovery | <0:1.1.2-1.Final_redhat_00001.1.el8ea | 0:1.1.2-1.Final_redhat_00001.1.el8ea |
redhat/eap7-wildfly-http-client | <0:1.0.15-1.Final_redhat_00001.1.el8ea | 0:1.0.15-1.Final_redhat_00001.1.el8ea |
redhat/eap7-wildfly-naming-client | <0:1.0.10-1.Final_redhat_00001.1.el8ea | 0:1.0.10-1.Final_redhat_00001.1.el8ea |
redhat/rhvm-appliance | <0:4.3-20190722.0.el7 | 0:4.3-20190722.0.el7 |
redhat/undertow-core-2.0.20.Final-redhat | <00001. | 00001. |
Redhat Undertow | <2.0.21 | |
Redhat Virtualization | =4.0 | |
Redhat Virtualization Host | =4.0 | |
Redhat Enterprise Linux | =7.0 | |
Redhat Jboss Data Grid | | |
Redhat Openshift Application Runtimes | | |
Netapp Active Iq Unified Manager Linux | | |
Netapp Active Iq Unified Manager Vmware Vsphere | | |
Netapp Active Iq Unified Manager Windows | | |