CVE-2019-3888 : Security Advisory and Response

Learn about CVE-2019-3888, a vulnerability in Undertow web server versions prior to 2.0.21 that exposes plain text credentials through log files. Find out the impact, affected systems, exploitation mechanism, and mitigation steps.

Undertow web server version 2.0.21 and earlier contains a vulnerability that exposes plain text credentials through log files when logging the HttpServerExchange object at the ERROR level.

Understanding CVE-2019-3888

What is CVE-2019-3888?

CVE-2019-3888 is a vulnerability in Undertow web server versions prior to 2.0.21 that allows for the exposure of plain text credentials through log files.

The Impact of CVE-2019-3888

This vulnerability has a CVSS base score of 5.3, indicating a medium severity issue with high confidentiality impact.

Technical Details of CVE-2019-3888

Vulnerability Description

The vulnerability in Undertow web server exposes plain text credentials through log files when logging the HttpServerExchange object at the ERROR level.

Affected Systems and Versions

        Product: Undertow
        Vendor: Red Hat
        Versions Affected: 2.0.21 and earlier

Exploitation Mechanism

The vulnerability occurs specifically when the HttpServerExchange object is logged in the Connectors.executeRootHandler method at the ERROR level.

Mitigation and Prevention

Immediate Steps to Take

        Update Undertow web server to version 2.0.21 or later.
        Monitor log files for any signs of credential exposure.

Long-Term Security Practices

        Implement secure logging practices to avoid exposing sensitive information.
        Regularly review and update logging configurations to enhance security.
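The two practices above, monitoring logs for leaked credentials and keeping secrets out of what is logged, as an added example that is not part of this advisory or of Undertow itself. The sample log lines are constructed, and the layout of the HttpServerExchange header dump they imitate is an assumption to adapt to your own logger's format.

```python
import base64
import re
from collections import namedtuple
# Request headers whose values carry credentials or session material.
SENSITIVE_HEADERS = ("Authorization", "Proxy-Authorization", "Cookie", "Set-Cookie")
# Matches 'Name=[value]' entries in a HeaderMap-style dump such as
# '{Authorization=[Basic ...], Host=[app.example.com]}'. The dump layout is
# an assumption; adapt the pattern to your logger's format.
HEADER_RE = re.compile(
    r"(?<![\w-])(?P<name>%s)=\[(?P<value>[^\]]*)\]"
    % "|".join(map(re.escape, SENSITIVE_HEADERS))
)
# Constructed sample log, not real Undertow output: line 2 imitates an
# HttpServerExchange dump written at ERROR level from executeRootHandler.
SAMPLE_LOG = [
    "2019-05-14 10:22:31 INFO  [io.undertow] Started server on port 8080",
    "2019-05-14 10:23:02 ERROR [io.undertow.server.Connectors] Request failed: "
    "HttpServerExchange{ GET /api/orders request {Authorization=[Basic YWxpY2U6czNjcjN0], "
    "Host=[app.example.com], Cookie=[JSESSIONID=ABC123]} response {}}",
]
Finding = namedtuple("Finding", "line_no header detail")

def basic_auth_user(value):
    """Return the user name of a Basic credential; the secret itself is never reported."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8", "replace")
    except ValueError:  # binascii.Error (malformed token) is a ValueError
        return None
    user, sep, _ = decoded.partition(":")
    return user if sep else None

def scan_log(lines):
    """Report every sensitive header value that reached the log, by line number."""
    findings = []
    for n, line in enumerate(lines, 1):
        for m in HEADER_RE.finditer(line):
            header, value = m.group("name"), m.group("value")
            user = basic_auth_user(value) if header.endswith("Authorization") else None
            detail = (f"Basic credentials for user '{user}'" if user
                      else f"{header} header value written to log")
            findings.append(Finding(n, header, detail))
    return findings

def redact_line(line):
    """Rewrite a line so it can be retained or forwarded without the secret values."""
    return HEADER_RE.sub(lambda m: f"{m.group('name')}=[<redacted>]", line)
```

Run scan_log over a file's lines to find affected accounts whose credentials should be rotated, and redact_line before the affected log files are archived or shipped to a central collector.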

Patching and Updates

        Apply patches provided by Red Hat to address the vulnerability.
