CVE-2019-3888 in Red Hat and NetApp Products
Published on June 12, 2019
A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)
Weakness Type
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
Products Associated with CVE-2019-3888
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-3888 are published in these products:
Affected Versions
Red Hat undertow Version 2.0.21 is affected by CVE-2019-3888Exploit Probability
EPSS
0.57%
Percentile
68.11%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.