Описание
TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a discrepancy between response headers when responding to different HTTP methods, also via predictible responses when accessing and interacting with the "SITE_PATH_QUERY".
Ссылки
- Third Party Advisory
- Issue TrackingThird Party Advisory
- Third Party Advisory
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:trustedsec:trevorc2:1.1:*:*:*:*:*:*:*
cpe:2.3:a:trustedsec:trevorc2:1.2:*:*:*:*:*:*:*
EPSS
Процентиль: 58%
0.00364
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-203
Связанные уязвимости
github
больше 3 лет назад
TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a discrepancy between response headers when responding to different HTTP methods, also via predictible responses when accessing and interacting with the "SITE_PATH_QUERY".
EPSS
Процентиль: 58%
0.00364
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-203