← back
CVE-2022-31684

CVE-2022-31684

CVSS 4.3 MEDIUMEPSS 0.6%CWE-532
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
19 Oct 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
n/a · Reactor Netty

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://tanzu.vmware.com/security/cve-2022-31684