CVE-2019-20798

Опубликовано: 18 мая 2020

Источник: nvd

CVSS3: 8.4

CVSS2: 6

EPSS Низкий

Описание

An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and execute arbitrary commands.

Ссылки

https://github.com/cherokee/webserver/issues/1227
Exploit
Third Party Advisory
https://logicaltrust.net/blog/2019/11/cherokee.html
Exploit
Third Party Advisory
https://security.gentoo.org/glsa/202012-09
Third Party Advisory
https://github.com/cherokee/webserver/issues/1227
Exploit
Third Party Advisory
https://logicaltrust.net/blog/2019/11/cherokee.html
Exploit
Third Party Advisory
https://security.gentoo.org/glsa/202012-09
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cherokee-project:cherokee:*:*:*:*:*:*:*:*

Версия до 1.2.104 (включая)

EPSS

Процентиль: 74%

0.00857

Низкий

8.4 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2019-20798

CVSS3: 8.4

debian

больше 5 лет назад

An XSS issue was discovered in handler_server_info.c in Cherokee throu ...

GHSA-926v-x6q7-4hcv

CVSS3: 8.4

github

больше 3 лет назад

EPSS

Процентиль: 74%

0.00857

Низкий

8.4 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-79