exploitDog

CVE-2019-10272

Опубликовано: 30 апр. 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

An issue was discovered in Weaver e-cology 9.0. There is a CRLF Injection vulnerability via the /workflow/request/ViewRequestForwardSPA.jsp isintervenor parameter, as demonstrated by the %0aSet-cookie: substring.

Ссылки

https://expzh.com/Weaver-e-cology9.0-CRLF-Injection.pdf
Exploit
Third Party Advisory
https://www.weaver.com.cn/cs/securityDownload.asp
Vendor Advisory
https://expzh.com/Weaver-e-cology9.0-CRLF-Injection.pdf
Exploit
Third Party Advisory
https://www.weaver.com.cn/cs/securityDownload.asp
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:weaver:e-cology:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00301

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-93

Связанные уязвимости

GHSA-wcf2-gqg7-88p4

CVSS3: 6.1

github

больше 3 лет назад

An issue was discovered in Weaver e-cology 9.0. There is a CRLF Injection vulnerability via the /workflow/request/ViewRequestForwardSPA.jsp isintervenor parameter, as demonstrated by the %0aSet-cookie: substring.

EPSS

Процентиль: 53%

0.00301

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-93