Description
A vulnerability was found in Undertow web server before 2.0.21. Plain text credentials are exposed through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange).
Remediation
References