Description
iTop is a web-based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to regular expression denial of service (ReDoS) that may, under some circumstances, affect the iTop server. Version 3.2.1 doesn't use the affected variable in the regular expression. As a workaround, if iTop app_root_url is defined in the configuration file, then there is no possible way to exploit this ReDoS.
References
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions up to 3.2.1 (excluding)
cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*
EPSS
Percentile: 22%
0.00072
Low
5.3 Medium
CVSS3
Weaknesses
CWE-1333