CVE-2017-12196

CVSS v3.0 5.9 (Medium)
CVSS v2.0 4.3 (Medium)
EPSS 0.28 % (69th)
Affected Products 4
Advisories 1

Undertow before versions 1.4.18.SP1, 2.0.2.Final and 1.4.24.Final was found vulnerable when using Digest authentication: the server does not ensure that the value of the uri directive in the Authorization header matches the URI in the HTTP request line. Because the Digest response hash covers the uri directive rather than the request line, a man-in-the-middle who captures a valid Authorization header for one resource can forward it unchanged with a different request-line URI and access the desired content on the server.
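The following is an added example, written for this page and not taken from Undertow or Red Hat's fix: a stand-alone Python model of the RFC 2617 Digest check (qop=auth, MD5, no nonce-count tracking or opaque handling) with the vulnerable verifier beside the fixed one. The realm, user, password, nonce and paths are constructed for the demo; the function names are the example's own. It shows that a captured header for /public/index.html is accepted by the vulnerable verifier when forwarded with a request line for /admin/secrets, because that verifier hashes the uri claimed in the header instead of the one actually requested.

```python
"""Model of the Digest-uri check behind CVE-2017-12196 (constructed example, not Undertow code)."""
import hashlib
import hmac
from typing import Dict

REALM = "example"                     # constructed realm
USERS = {"alice": "correct horse"}    # constructed user store; plaintext only for the demo


def _md5(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def digest_response(username: str, password: str, realm: str, method: str, uri: str,
                    nonce: str, nc: str, cnonce: str, qop: str = "auth") -> str:
    """response = H(H(A1):nonce:nc:cnonce:qop:H(A2)) with A1 = user:realm:pw, A2 = method:uri."""
    ha1 = _md5(f"{username}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def build_authorization(username: str, password: str, realm: str, method: str, uri: str,
                        nonce: str, nc: str, cnonce: str) -> str:
    """What a client sends after a Digest challenge (qop=auth only)."""
    resp = digest_response(username, password, realm, method, uri, nonce, nc, cnonce)
    return (f'Digest username="{username}", realm="{realm}", nonce="{nonce}", uri="{uri}", '
            f'qop=auth, nc={nc}, cnonce="{cnonce}", response="{resp}"')


def parse_authorization(header: str) -> Dict[str, str]:
    """Minimal directive parser; the constructed values contain no commas or escaped quotes."""
    scheme, _, params = header.partition(" ")
    if scheme != "Digest":
        raise ValueError("not a Digest Authorization header")
    fields: Dict[str, str] = {}
    for part in params.split(","):
        key, _, value = part.strip().partition("=")
        fields[key.strip()] = value.strip().strip('"')
    return fields


def _response_matches(p: Dict[str, str], method: str, uri: str) -> bool:
    """Recompute the expected response for the given method/uri and compare in constant time."""
    password = USERS.get(p.get("username", ""))
    if password is None:
        return False
    expected = digest_response(p["username"], password, REALM, method, uri,
                               p["nonce"], p["nc"], p["cnonce"], p.get("qop", "auth"))
    return hmac.compare_digest(expected, p.get("response", ""))


def verify_vulnerable(method: str, request_uri: str, header: str) -> bool:
    """Pre-fix behaviour: H(A2) is built from the uri *claimed in the header*.
    The request-line URI never enters the check, so any captured header validates
    whatever resource the request line names."""
    p = parse_authorization(header)
    return _response_matches(p, method, p["uri"])


def verify_fixed(method: str, request_uri: str, header: str) -> bool:
    """Fixed behaviour: reject unless the header's uri equals the request-line URI,
    then hash over the request-line URI so the two can never diverge."""
    p = parse_authorization(header)
    if p.get("uri") != request_uri:
        return False
    return _response_matches(p, method, request_uri)


# Constructed capture: the header Alice's client legitimately sent for a harmless page.
CAPTURED_HEADER = build_authorization(
    "alice", USERS["alice"], REALM, "GET", "/public/index.html",
    nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", nc="00000001", cnonce="0a4f113b")


def replay_outcome(target_uri: str) -> Dict[str, bool]:
    """An in-path attacker forwards the captured header with a different request line."""
    return {"vulnerable": verify_vulnerable("GET", target_uri, CAPTURED_HEADER),
            "fixed": verify_fixed("GET", target_uri, CAPTURED_HEADER)}


if __name__ == "__main__":
    print("legitimate", replay_outcome("/public/index.html"))
    print("replayed  ", replay_outcome("/admin/secrets"))
```

Note that nonce-count tracking on its own does not close this hole: an attacker sitting in the path can drop Alice's original request and forward only the rewritten one, so the server sees the nonce and nc exactly once. That is why the advisory describes the issue as a man-in-the-middle attack rather than a plain replay. Editing the uri directive in the header does not help the attacker either, since the response hash then no longer matches; the whole weakness is that the server trusts the header's uri in place of the request line.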

Weaknesses
CWE-287
Improper Authentication
CWE-863
Incorrect Authorization
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2018-04-18 01:29:01
Updated Date
2019-10-09 23:22:28

Affected Products


Configuration #1

  Product                              CPE 2.3                             Version range
  Red Hat Undertow, 1.4.18 and prior   cpe:2.3:a:redhat:undertow           <= 1.4.18
  Red Hat Undertow 1.4.24              cpe:2.3:a:redhat:undertow:1.4.24    = 1.4.24
  Red Hat Undertow 2.0.2               cpe:2.3:a:redhat:undertow:2.0.2     = 2.0.2

Configuration #2

  Product                                         CPE 2.3                                                        Version range
  Red Hat JBoss Enterprise Application Platform   cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0   = 7.0.0
  Red Hat JBoss Fuse                              cpe:2.3:a:redhat:jboss_fuse:6.0.0                              = 6.0.0
  Red Hat Virtualization                          cpe:2.3:a:redhat:virtualization:4.0                            = 4.0