Описание
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to bypass authentication and access admin functionality by sending a specially crafted HTTP request. This affects Roxywi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.1.1.0 (исключая)
cpe:2.3:a:roxy-wi:roxy-wi:*:*:*:*:*:*:*:*
EPSS
Процентиль: 94%
0.12856
Средний
10 Critical
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-287
EPSS
Процентиль: 94%
0.12856
Средний
10 Critical
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-287