Описание
RAVA certificate validation system has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform SSRF attack to discover internal network topology base on query response.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:changingtec:rava_certificate_validation_system:3:*:*:*:*:*:*:*
EPSS
Процентиль: 26%
0.00091
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-918
CWE-918
Связанные уязвимости
CVSS3: 5.3
github
больше 3 лет назад
RAVA certificate validation system has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform SSRF attack to discover internal network topology base on query response.
EPSS
Процентиль: 26%
0.00091
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-918
CWE-918