CVE-2019-18958

Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Reportedly, this can have a security risk if debug.log is later edited and then executed...

CVE-2019-18958

Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Reportedly, this can have a security risk if debug.log is later edited and then executed...

GHSA-8VH8-VC28-M2HF Potential to access user credentials from the log files when debug logging enabled

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files...

undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files

A flaw was found in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user’s credentials from the log files...

CVE-2019-10212

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files...

DEBIAN-CVE-2019-10212

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files...

CVE-2019-10212

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files...

Design/Logic Flaw

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files...

UBUNTU-CVE-2019-10212

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files...

CVE-2019-10212

CVE-2019-10212 affects Undertow (under 2.0.20) where DEBUG logging of io.undertow.request.security can leak user credentials from log files. Reported in multiple sources (including OSV entries and CNVD) as a log-file disclosure vulnerability with network-based access and high confidentiality/inte...

CVE-2019-10212

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files...

CVE-2019-10212

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files...

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 8 (RHSA-2019:2937)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2937 advisory. This release of Red Hat JBoss Enterprise Application Platform 7.2.4 serves as a replacement for Red Hat JBoss Enterprise Application Platfor...

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 7 (RHSA-2019:2936)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2936 advisory. This release of Red Hat JBoss Enterprise Application Platform 7.2.4 serves as a replacement for Red Hat JBoss Enterprise Application Platfor...

undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files

A flaw was found in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user’s credentials from the log files...

undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files

A flaw was found in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user’s credentials from the log files...

undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files

A flaw was found in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user’s credentials from the log files...

Information Disclosure

undertow is vulnerable to information disclosure. The vulnerability exists as the DEBUG log for io.undertow.request.security leaks credentials to log files if it is enabled...

undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files

A flaw was found in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user’s credentials from the log files...

CVE-2019-10212

A flaw was found in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user’s credentials from the log files. Mitigation Use Elytron instead of legacy Security subsystem...