Lucene search
Veracode Vulnerability DatabaseVERACODE:21806HistoryNov 05, 2019 - 7:28 a.m.
Information Disclosure
2019-11-0507:28:04
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.002 Low
EPSS
Percentile
55.1%
play-ws is vulnerable to information disclosure. The vulnerability exists through a regression caused by async-http-client that causes HTTP CONNECT requests set to an outbound HTTPS requests when using an authenticated proxy server.
References
github.com/AsyncHttpClient/async-http-client/pull/1667
github.com/playframework/play-ws/commit/0007ce58a85d779e0eb5a2fb2b213c9aa928cf7a
github.com/playframework/play-ws/pull/410
www.playframework.com/security/vulnerability
www.playframework.com/security/vulnerability/CVE-2019-17598-PlayWSHttpConnectAuthorizationHeaders
Related
osv
osv
Play Framework Inadequate Encryption Strength vulnerability
2022-05-24 22:01:04
CVE-2019-17598
2019-11-05 15:15:12
nvd
nvd
CVE-2019-17598
2019-11-05 15:15:12
cve
cve
CVE-2019-17598
2019-11-05 15:15:12
cvelist
cvelist
CVE-2019-17598
2019-11-05 14:53:19
prion
prion
Design/Logic Flaw
2019-11-05 15:15:00
github
github
Play Framework Inadequate Encryption Strength vulnerability
2022-05-24 22:01:04