发布时间: 2025年3月7日
修改时间: 2025年3月7日
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | High | High |
| Attack Vector | Network | Network |
| CVSS评分 | 9.8 | 9.8 |
| Attack Complexity | Low | Low |
| Privileges Required | None | None |
| Scope | Unchanged | Unchanged |
| Integrity | High | High |
| User Interaction | None | None |
| Availability | High | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2025-2373 | undertow security update | 2025年4月27日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-5A | undertow | Fixed |
| KY3.5.3 | undertow | Fixed |
| V6 | undertow | Fixed |
