PT-2019-15701 · Trevorc2 · Trevorc2

Gionathan Armando Reale

Published

2019-12-04

Updated

2021-07-21

CVE-2019-18850

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions TrevorC2 versions 1.1 through 1.2

Description The issue arises from a discrepancy in response headers when responding to different HTTP methods. Additionally, predictable responses occur when accessing and interacting with the SITE PATH QUERY. This allows for potential fingerprinting.

Recommendations For TrevorC2 versions 1.1 through 1.2, as a temporary workaround, consider restricting access to the SITE PATH QUERY to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use of Insufficiently Random Values

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-330CWE-203

Related Identifiers

CVE-2019-18850

Affected Products

Trevorc2

PT-2019-15701 · Trevorc2 · Trevorc2

CVE-2019-18850

Weakness Enumeration

Related Identifiers

Affected Products

References · 4