CVE-2017-8342

Опубликовано: 30 апр. 2017

Источник: nvd

CVSS3: 8.1

CVSS2: 4.3

EPSS Низкий

Описание

Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method.

Ссылки

https://bugs.debian.org/861514
Exploit
Issue Tracking
Patch
VDB Entry
https://github.com/Kozea/Radicale/blob/1.1.2/NEWS.rst
Release Notes
Third Party Advisory
https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d
Patch
Third Party Advisory
https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/04/msg00019.html
https://bugs.debian.org/861514
Exploit
Issue Tracking
Patch
VDB Entry
https://github.com/Kozea/Radicale/blob/1.1.2/NEWS.rst
Release Notes
Third Party Advisory
https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d
Patch
Third Party Advisory
https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/04/msg00019.html

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:radicale:radicale:*:*:*:*:*:*:*:*

Версия до 1.1.1 (включая)

cpe:2.3:a:radicale:radicale:2.0.0:rc1:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.00726

Низкий

8.1 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-362

Связанные уязвимости

CVE-2017-8342

CVSS3: 8.1

ubuntu

почти 9 лет назад

Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method.

CVE-2017-8342

CVSS3: 8.1

debian

почти 9 лет назад

Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracl ...

GHSA-rpv4-63g3-9x23

CVSS3: 8.1

github

больше 3 лет назад

Radicale is vulnerable to timing oracles and simple bruteforce attacks

EPSS

Процентиль: 72%

0.00726

Низкий

8.1 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-362