vulnerability
Red Hat JBoss EAP: CVE-2017-12196: Improper Authentication
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:H/Au:S/C:C/I:N/A:N) | Mar 12, 2018 | Sep 19, 2024 | Jul 2, 2025 |
Severity
5
CVSS
(AV:N/AC:H/Au:S/C:C/I:N/A:N)
Published
Mar 12, 2018
Added
Sep 19, 2024
Modified
Jul 2, 2025
Description
undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the desired content on the server.. It was discovered that when using Digest authentication, the server does not ensure that the value of the URI in the authorization header matches the URI in the HTTP request line. This allows the attacker to execute a MITM attack and access the desired content on the server.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-287
- CWE-863
- CVE-2017-12196
- https://attackerkb.com/topics/CVE-2017-12196
- URL-https://access.redhat.com/security/cve/CVE-2017-12196
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=1503055
- URL-https://access.redhat.com/errata/RHSA-2018:0478
- URL-https://access.redhat.com/errata/RHSA-2018:0479
- URL-https://access.redhat.com/errata/RHSA-2018:0480
- URL-https://access.redhat.com/errata/RHSA-2018:0481
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.