PT-2019-15701 · Trevorc2 · Trevorc2

Gionathan Armando Reale

Publicado

2019-12-04

Atualizado

2021-07-21

CVE-2019-18850

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions TrevorC2 versions 1.1 through 1.2

Description The issue arises from a discrepancy in response headers when responding to different HTTP methods. Additionally, predictable responses occur when accessing and interacting with the SITE PATH QUERY. This allows for potential fingerprinting.

Recommendations For TrevorC2 versions 1.1 through 1.2, as a temporary workaround, consider restricting access to the SITE PATH QUERY to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use of Insufficiently Random Values

Side Channel Attack

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-330CWE-203

Identificadores relacionados

CVE-2019-18850

Produtos afetados

Trevorc2

PT-2019-15701 · Trevorc2 · Trevorc2

CVE-2019-18850

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4