PT-2018-9260 · Ajenti · Ajenti
Published: 2018-03-13 · Updated: 2018-04-06 · CVE-2018-1000081
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Ajenti version 2
Description:
The issue is an input validation vulnerability in the ID string of the Get-values POST request, which can crash the server. An attacker can exploit this by sending a large string to the ID parameter, potentially freezing the server.
Recommendations:
For Ajenti version 2, as a temporary workaround, consider restricting the length of the ID parameter in the Get-values POST request to prevent server crashes until a patch is available.
Affected Products
Ajenti