CVE-2016-8627
admin-cli before versions 3.0.0.alpha25 and 2.2.1.cr2 is affected by an EAP feature for downloading server log files that makes the logs available via GET requests, which exposes them to cross-origin attacks. An attacker could cause the user's browser to request the log files, consuming enough resources that normal server functioning could be impaired.
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Affected products
[UNKNOWN] · admin-cli
References
http://rhn.redhat.com/errata/RHSA-2017-0170.html
http://rhn.redhat.com/errata/RHSA-2017-0171.html
http://rhn.redhat.com/errata/RHSA-2017-0172.html
http://rhn.redhat.com/errata/RHSA-2017-0173.html
http://rhn.redhat.com/errata/RHSA-2017-0244.html
http://rhn.redhat.com/errata/RHSA-2017-0245.html
http://rhn.redhat.com/errata/RHSA-2017-0246.html
http://rhn.redhat.com/errata/RHSA-2017-0247.html
http://rhn.redhat.com/errata/RHSA-2017-0250.html
https://access.redhat.com/errata/RHSA-2017:3454
https://access.redhat.com/errata/RHSA-2017:3455
https://access.redhat.com/errata/RHSA-2017:3456