CVE-2019-10904

Опубликовано: 06 апр. 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors.

Ссылки

http://www.openwall.com/lists/oss-security/2019/04/07/1
Exploit
Mailing List
Third Party Advisory
https://bugs.python.org/issue36391
Exploit
Vendor Advisory
https://github.com/python/bugs.python.org/issues/34
Exploit
Issue Tracking
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/04/msg00009.html
Mailing List
Third Party Advisory
https://www.openwall.com/lists/oss-security/2019/04/05/1
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/04/07/1
Exploit
Mailing List
Third Party Advisory
https://bugs.python.org/issue36391
Exploit
Vendor Advisory
https://github.com/python/bugs.python.org/issues/34
Exploit
Issue Tracking
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/04/msg00009.html
Mailing List
Third Party Advisory
https://www.openwall.com/lists/oss-security/2019/04/05/1
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:a:roundup-tracker:roundup:1.6:*:*:*:*:*:*:*

EPSS

Процентиль: 70%

0.00631

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2019-10904

CVSS3: 6.1

ubuntu

почти 7 лет назад

Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors.

CVE-2019-10904

CVSS3: 6.1

debian

почти 7 лет назад

Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and r ...

GHSA-926q-wxr6-3crq

CVSS3: 6.1

github

почти 7 лет назад

Moderate severity vulnerability that affects roundup

EPSS

Процентиль: 70%

0.00631

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79