Description
A vulnerability was found in Undertow web server before 2.0.21. Plain-text credentials can be exposed through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange).
Remediation
References