VDB
CVE-2017-12196
CVE-2017-12196
PUBLISHED
undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the desired content on the server.
EPSS 0.53% · 67.7th percentile
Risk Scores
EPSS Score
0.53%
67.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:24.04:LTS | undertow | 0, 2.3.8-2 |
| Ubuntu:18.04:LTS | undertow | 1.4.23-1, 1.4.23-2build1, 1.4.22-1 |
| Ubuntu:16.04:LTS | undertow | 0, 1.3.7-1, 1.3.4-1 |
Timeline
- Apr 18, 2018 CVE Published
- Oct 9, 2019 CVE Updated
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-12196 third-party-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1503055 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-12196 third-party-advisory