Data Collection, Analytics, and Events / DCAEGEN2-1457

onap-dcaegen2-analytics-tca-gen2 - 2019-04-19


    • Task
    • Resolution: Done
    • High
    • Dublin Release
    • Dublin Release
    • None

      Switch to version specified in last column

       

      onap-dcaegen2-analytics-tca-gen2
      io.undertow : undertow-core : 1.4.25.Final

      Description from CVE: GET requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers.

      Explanation: The undertow-core package is vulnerable to Information Exposure. The getHostAndPort() method in the HttpServerExchange class exposes an internal IP address via the Location header during a 302 redirect if the host header field is not set. A remote attacker can exploit this issue by submitting a GET request that results in a 302 redirect response. The attacker can leverage this vulnerability to exfiltrate an internal IP address that can potentially be used for further attacks.

      Switch to 2.0.17.Final
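A regression check for the condition described in the explanation, useful after the upgrade or when reviewing captured proxy traffic. This is an added example, not code from the ticket or from the Undertow project; the function names and the request/response samples are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed samples: raw HTTP heads as they would appear in a capture.
REQ_NO_HOST = "GET /app HTTP/1.0\r\n\r\n"
REQ_WITH_HOST = "GET /app HTTP/1.1\r\nHost: portal.example.org\r\n\r\n"
RESP_LEAK = ("HTTP/1.1 302 Found\r\n"
             "Location: http://10.20.30.40:8080/app/\r\n"
             "Content-Length: 0\r\n\r\n")
RESP_RELATIVE = "HTTP/1.1 302 Found\r\nLocation: /app/\r\n\r\n"
RESP_NAME = "HTTP/1.1 302 Found\r\nLocation: http://portal.example.org/app/\r\n\r\n"


def parse_head(raw):
    """Split a raw HTTP head into (start_line, {lowercased header: value})."""
    lines = raw.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def leaked_internal_ip(request, response):
    """Return the internal IP exposed in Location, or None if nothing leaked."""
    _, req_headers = parse_head(request)
    if req_headers.get("host"):
        return None  # the ticket's condition is a request with no Host header
    status_line, resp_headers = parse_head(response)
    parts = status_line.split()
    if len(parts) < 2 or parts[1] != "302":
        return None  # only the 302 redirect case from the ticket is checked
    host = urlsplit(resp_headers.get("location", "")).hostname
    if not host:
        return None  # relative redirect: no host is disclosed
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return None  # a DNS name, not an address literal
    internal = addr.is_private or addr.is_loopback or addr.is_link_local
    return str(addr) if internal else None


if __name__ == "__main__":
    print(leaked_internal_ip(REQ_NO_HOST, RESP_LEAK))
```

A non-None result for a Host-less request against the service after the switch to 2.0.17.Final would mean the redirect is still built from the local socket address.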
       

            jegadeeshbabu
            vv770d