VYPR
Medium severity4.8NVD Advisory· Published Apr 18, 2018· Updated Jun 17, 2026

CVE-2017-12196

CVE-2017-12196

Description

undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the desired content on the server.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
io.undertow:undertow-coreMaven
>= 2.0.0.Alpha1, < 2.0.2.FInal2.0.2.FInal
io.undertow:undertow-coreMaven
< 1.4.24.Final1.4.24.Final

Affected products

2

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.