Описание
An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious request, it can be manipulated into issuing a request that does not respect its upstream proxy configuration. This could leak NetNTLM hashes on Windows systems that fail to block outbound SMB.
Ссылки
- ExploitIssue TrackingThird Party Advisory
- Release NotesVendor Advisory
- ExploitIssue TrackingThird Party Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2021.2 (исключая)Версия до 2021.2 (исключая)
Одно из
cpe:2.3:a:portswigger:burp_suite:*:*:*:*:community:*:*:*
cpe:2.3:a:portswigger:burp_suite:*:*:*:*:professional:*:*:*
EPSS
Процентиль: 54%
0.00313
Низкий
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
CVSS3: 6.5
debian
почти 5 лет назад
An issue was discovered in PortSwigger Burp Suite before 2021.2. Durin ...
CVSS3: 6.5
github
больше 3 лет назад
An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious request, it can be manipulated into issuing a request that does not respect its upstream proxy configuration. This could leak NetNTLM hashes on Windows systems that fail to block outbound SMB.
EPSS
Процентиль: 54%
0.00313
Низкий
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other