exploitDog

CVE-2015-7900

Опубликовано: 28 окт. 2015

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers to obtain sensitive debugging information by entering a crafted URL to trigger an exception, and then visiting a certain status page.

Ссылки

https://ics-cert.us-cert.gov/advisories/ICSA-15-300-02
Patch
Third Party Advisory
US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-15-300-02
Patch
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:infinite_automation_systems:mango_automation:2.5.0:*:*:*:*:*:*:*

cpe:2.3:a:infinite_automation_systems:mango_automation:2.5.5:*:*:*:*:*:*:*

cpe:2.3:a:infinite_automation_systems:mango_automation:2.6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.09856

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-ww9v-c5vx-pcg3

github

больше 3 лет назад

Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers to obtain sensitive debugging information by entering a crafted URL to trigger an exception, and then visiting a certain status page.

EPSS

Процентиль: 93%

0.09856

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-200