Description
A vulnerability was found in the Undertow web server before 2.0.21. Plain text credentials can be exposed through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange).
Remediation
References