PT-2019-12445 · Anomali · Anomali Agave
Gijohnathan
·
Published
2019-05-01
·
Updated
2020-08-24
·
CVE-2019-11641
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Anomali Agave (formerly Drupot) versions prior to 1.1.0 is not specified, however, Anomali Agave (formerly Drupot) through 1.0.0
Description
The issue allows attackers to detect and avoid the system by including predictable data and minimal variation in size within HTML templates, which gives them the ability to fingerprint the system.
Recommendations
For Anomali Agave (formerly Drupot) through 1.0.0, consider modifying the HTML templates to include more variation in size and less predictable data to prevent fingerprinting. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Use of Insufficiently Random Values
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Anomali Agave