Description
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:bludit:bludit:3.9.2:*:*:*:*:*:*:*
EPSS
Percentile: 99%
0.76412
High
CVSS3: 3.7 Low
CVSS3: 9.8 Critical
CVSS2: 4.3 Medium
Weaknesses
CWE-307
Related vulnerabilities
CVSS3: 9.8
github
more than 3 years ago
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.