CVE-2018-1153

Опубликовано: 18 июн. 2018

Источник: nvd

CVSS3: 7.4

CVSS2: 5.8

EPSS Низкий

Описание

Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle to modify or view traffic.

Ссылки

http://releases.portswigger.net/2018/06/1734.html
Vendor Advisory
https://www.tenable.com/security/research/tra-2018-18
Third Party Advisory
http://releases.portswigger.net/2018/06/1734.html
Vendor Advisory
https://www.tenable.com/security/research/tra-2018-18
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:portswigger:burp_suite:1.7.32:*:*:*:community:*:*:*

cpe:2.3:a:portswigger:burp_suite:1.7.33:*:*:*:community:*:*:*

EPSS

Процентиль: 30%

0.0011

Низкий

7.4 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-295

Связанные уязвимости

CVE-2018-1153

CVSS3: 7.4

debian

больше 7 лет назад

Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the se ...

GHSA-3w65-74c3-p8jp

CVSS3: 7.4

github

больше 3 лет назад

Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle to modify or view traffic.

EPSS

Процентиль: 30%

0.0011

Низкий

7.4 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-295