Description
undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the desired content on the server.
Remediation
References
https://issues.jboss.org/browse/UNDERTOW-1190
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12196
https://access.redhat.com/errata/RHSA-2018:0481
https://access.redhat.com/errata/RHSA-2018:0480
https://access.redhat.com/errata/RHSA-2018:0479
https://access.redhat.com/errata/RHSA-2018:0478
https://access.redhat.com/errata/RHSA-2018:1525
https://access.redhat.com/errata/RHSA-2018:2405
https://access.redhat.com/errata/RHSA-2018:3768
Related Vulnerabilities
CVE-2023-37478 Vulnerability in npm package @pnpm/linux-arm64
CVE-2019-1003063 Vulnerability in maven package org.jenkins-ci.plugins:snsnotify
CVE-2022-32532 Vulnerability in maven package org.apache.shiro:shiro-core
CVE-2020-1748 Vulnerability in maven package org.wildfly.security:wildfly-elytron
CVE-2021-36372 Vulnerability in maven package org.apache.ozone:ozone-common