Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Undertow Insertion of Sensitive Information into Log File Vulnerability - CVE-2019-3888 - Vulnerability Database
Undertow

Undertow Insertion of Sensitive Information into Log File Vulnerability - CVE-2019-3888

Critical
Reference: CVE-2019-3888
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-3888
Title: Undertow Insertion of Sensitive Information into Log File Vulnerability
Overview:

A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t exchange)