An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1jcDd2LXZtdjctNngycc4AARke

Incorrect Authorization in Undertow

Undertow before versions 1.4.18.SP1 (not findable in Maven), 2.0.2.Final, and 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the desired content on the server.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago

CVSS Score: 5.9
CVSS vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-cp7v-vmv7-6x2q, CVE-2017-12196
References: Repository:
Blast Radius: 22.0

Affected Packages

Dependent packages: 912
Dependent repositories: 5,259
Affected Version Ranges: <= 1.4.23.Final, >= 2.0.0.Alpha1, <= 2.0.1.Final
Fixed in: 1.4.24.Final, 2.0.2.FInal
All affected versions: 1.4.2-0.Final, 1.4.2-1.Final, 1.4.2-2.Final, 1.4.2-3.Final
All unaffected versions: