Description
undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the desired content on the server.
Remediation
References
Related Vulnerabilities
Ruby on Rails Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-8162)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-0218)
WordPress Incorrect Default Permissions Vulnerability (CVE-2011-1762)
PHP Resource Management Errors Vulnerability (CVE-2006-1549)
CakePHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4399)