Описание
openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header.
Ссылки
- PatchThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.7.2 (включая)
cpe:2.3:a:it-novum:openitcockpit:*:*:*:*:*:*:*:*
EPSS
Процентиль: 64%
0.00464
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-276
Связанные уязвимости
github
больше 3 лет назад
openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header.
EPSS
Процентиль: 64%
0.00464
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-276