exploitDog

CVE-2017-6370

Опубликовано: 17 мар. 2017

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields.

Ссылки

http://www.securityfocus.com/bid/97071
https://github.com/faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request
Exploit
Third Party Advisory
http://www.securityfocus.com/bid/97071
https://github.com/faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:typo3:typo3:7.6.15:*:*:*:*:*:*:*

EPSS

Процентиль: 30%

0.00112

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-319

Связанные уязвимости

GHSA-87hc-phmj-rhgh

CVSS3: 5.3

github

больше 3 лет назад

TYPO3 Information Disclosure Vulnerability

EPSS

Процентиль: 30%

0.00112

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-319