Data Collection, Analytics, and Events / DCAEGEN2-1457

onap-dcaegen2-analytics-tca-gen2 - 2019-04-19


Details

    • Task
    • Status: Closed
    • High
    • Resolution: Done
    • Dublin Release
    • Dublin Release
    • None

    Description

      Switch to version specified in last column

       

      onap-dcaegen2-analytics-tca-gen2

      io.undertow : undertow-core : 1.4.25.Final

      Description from CVE
      Get requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers.

      Explanation
      The undertow-core package is vulnerable to Information Exposure. The getHostAndPort() method in the HttpServerExchange class exposes an internal IP address via the Location header during a 302 redirect if the host header field is not set. A remote attacker can exploit this issue by submitting a GET request that results in a 302 redirect response. The attacker can leverage this vulnerability to exfiltrate an internal IP address that can potentially be used for further attacks.

      Switch to 2.0.17.Final
       


            People

              Jegadeeshbabu Jegadeesh Babu
              vv770d Vijay Venkatesh Kumar