Description
GroundWork Monitor Enterprise 6.7.0 performs authentication on the basis of the HTTP Referer header, which allows remote attackers to obtain administrative privileges or access files via a crafted header.
References
- https://nvd.nist.gov/vuln/detail/CVE-2013-3499
- https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls
- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-0_GroundWork_Monitoring_Multiple_critical_vulnerabilities_wo_poc_v10.txt
- http://www.kb.cert.org/vuls/id/345260
- http://www.securityfocus.com/bid/58404
EPSS
Percentile: 75%
0.00856
Low
CVE ID
Related vulnerabilities
nvd
more than 12 years ago
GroundWork Monitor Enterprise 6.7.0 performs authentication on the basis of the HTTP Referer header, which allows remote attackers to obtain administrative privileges or access files via a crafted header.