Medium severity4.8NVD Advisory· Published Apr 18, 2018· Updated Jun 17, 2026
CVE-2017-12196
CVE-2017-12196
Description
undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the desired content on the server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
io.undertow:undertow-coreMaven | >= 2.0.0.Alpha1, < 2.0.2.FInal | 2.0.2.FInal |
io.undertow:undertow-coreMaven | < 1.4.24.Final | 1.4.24.Final |
Affected products
2- unspecified/undertowv5Range: undertow 1.4.18.SP1
Patches
Vulnerability mechanics
References
12- access.redhat.com/errata/RHSA-2018:0478nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:0479nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:0480nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:0481nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:1525nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:2405nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:3768nvdVendor AdvisoryWEB
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingVendor AdvisoryWEB
- github.com/advisories/GHSA-cp7v-vmv7-6x2qghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-12196ghsaADVISORY
- github.com/undertow-io/undertow/commit/facb33a5cedaf4b7b96d3840a08210370a806870ghsaWEB
- issues.jboss.org/browse/UNDERTOW-1190nvdIssue TrackingWEB
News mentions
0No linked articles in our index yet.