PT-2019-12445 · Anomali · Anomali Agave

Gijohnathan

Publicado

2019-05-01

Atualizado

2020-08-24

CVE-2019-11641

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Anomali Agave (formerly Drupot) versions prior to 1.1.0 is not specified, however, Anomali Agave (formerly Drupot) through 1.0.0

Description The issue allows attackers to detect and avoid the system by including predictable data and minimal variation in size within HTML templates, which gives them the ability to fingerprint the system.

Recommendations For Anomali Agave (formerly Drupot) through 1.0.0, consider modifying the HTML templates to include more variation in size and less predictable data to prevent fingerprinting. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use of Insufficiently Random Values

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-330

Identificadores relacionados

CVE-2019-11641

Produtos afetados

Anomali Agave

PT-2019-12445 · Anomali · Anomali Agave

CVE-2019-11641

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3