CVE-2019-8953

Опубликовано: 20 фев. 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Высокий

Описание

The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php.

Ссылки

https://cxsecurity.com/issue/WLB-2019020153
Exploit
Third Party Advisory
https://github.com/pfsense/FreeBSD-ports/commit/2dded47b3202dfdf89aa96f84bf701b3d5acbe6c
Patch
Third Party Advisory
https://github.com/pfsense/FreeBSD-ports/commit/3b40366aca55910b224ecf49d3fdacc9ad6c04f5
Patch
Third Party Advisory
https://redmine.pfsense.org/issues/9335
Patch
Third Party Advisory
https://www.exploit-db.com/exploits/46538/
Exploit
Third Party Advisory
VDB Entry
https://cxsecurity.com/issue/WLB-2019020153
Exploit
Third Party Advisory
https://github.com/pfsense/FreeBSD-ports/commit/2dded47b3202dfdf89aa96f84bf701b3d5acbe6c
Patch
Third Party Advisory
https://github.com/pfsense/FreeBSD-ports/commit/3b40366aca55910b224ecf49d3fdacc9ad6c04f5
Patch
Third Party Advisory
https://redmine.pfsense.org/issues/9335
Patch
Third Party Advisory
https://www.exploit-db.com/exploits/46538/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:netgate:haproxy:*:*:*:*:*:pfsense:*:*

Версия до 0.59_16 (исключая)

EPSS

Процентиль: 99%

0.75428

Высокий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-fvff-74xh-67ch