#VU12802 Man-in-the-middle attack in Undertow


Published: 2018-05-17

Vulnerability identifier: #VU12802

Vulnerability risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12196

CWE-ID: CWE-300

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Undertow
Server applications / Web servers

Vendor: Red Hat Inc.

Description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists because the server does not ensure that the uri value in the Authorization header matches the URI in the HTTP request line when using Digest authentication. A remote attacker can conduct a man-in-the-middle attack and gain access to potentially sensitive information.
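To make the missing check concrete, here is an added example (not code from the advisory or from Undertow) that validates an RFC 2617 Digest Authorization header against the request line and contrasts it with a verifier that trusts the header's own uri= field. Realm, nonce, username and password are constructed sample values, and the qop-less digest form is assumed.

```python
import hashlib
import re

# Constructed sample realm, nonce and credential store (not from the advisory).
REALM = "example"
NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
PASSWORDS = {"alice": "correct horse"}

def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()

def parse_digest(header: str) -> dict:
    """Parse 'Digest k="v", k2=v2' into a dict; accepts quoted and unquoted values."""
    if not header.startswith("Digest "):
        raise ValueError("not a Digest Authorization header")
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in re.finditer(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', header[7:])}

def digest_response(method: str, uri: str, user: str, password: str) -> str:
    """RFC 2617 response without qop: MD5(HA1:nonce:HA2) with HA2 = MD5(method:uri)."""
    ha1 = md5_hex(f"{user}:{REALM}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{NONCE}:{ha2}")

def verify(method: str, request_uri: str, header: str, check_uri: bool = True) -> bool:
    """Validate a Digest Authorization header against the request line.

    check_uri=False reproduces the weakness: the digest is recomputed over the
    uri= field the client sent, so a response that is valid for one resource
    is accepted on a request line that names a different one.
    """
    p = parse_digest(header)
    if check_uri and p.get("uri") != request_uri:
        return False
    password = PASSWORDS.get(p.get("username", ""))
    return password is not None and p.get("response") == digest_response(
        method, p.get("uri", ""), p["username"], password)

def sample_header(uri: str) -> str:
    """Constructed client Authorization header for GET <uri>."""
    resp = digest_response("GET", uri, "alice", PASSWORDS["alice"])
    return (f'Digest username="alice", realm="{REALM}", nonce="{NONCE}", '
            f'uri="{uri}", response="{resp}"')

if __name__ == "__main__":
    hdr = sample_header("/public")
    print(verify("GET", "/public", hdr))                  # True
    print(verify("GET", "/admin", hdr))                   # False: mismatch rejected
    print(verify("GET", "/admin", hdr, check_uri=False))  # True: the flaw
```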

Mitigation
Update to versions 1.4.18.SP1, 2.0.2.Final or 1.4.24.Final.

Vulnerable software versions

Undertow: All versions


External links
http://issues.jboss.org/browse/UNDERTOW-1190


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
