CVE-2019-17240
CVE-2019-17240
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
CVSS:3.0/AC:H/AV:N/A:N/C:L/I:N/PR:N/S:U/UI:N
Produtos afetados
n/a · n/aPoCs públicas encontradas — 13
githubgithub.com/pingport80/CVE-2019-17240★ 3githubgithub.com/ColdFusionX/CVE-2019-17240_Bludit-BF-Bypass★ 2githubgithub.com/spyx/cve-2019-17240★ 1githubgithub.com/0xDTC/Bludit-3.9.2-Auth-Bruteforce-Bypass-CVE-2019-17240★ 1githubgithub.com/triple-octopus/Bludit-CVE-2019-17240-Fork★ 0githubgithub.com/jayngng/bludit-CVE-2019-17240★ 0githubgithub.com/brunosergi/bloodit★ 0githubgithub.com/mind2hex/CVE-2019-17240-Bludit-3.9.2-Auth-Bruteforce-Bypass★ 0githubgithub.com/LucaReggiannini/Bludit-3-9-2-bb★ 0exploitdbwww.exploit-db.com/exploits/48942não verificadocve_referencepacketstormsecurity.com/files/159664/Bludit-3.9.2-Bruteforce-Mitigation-Bypass.htmlnão verificadocve_referencepacketstormsecurity.com/files/158875/Bludit-3.9.2-Authentication-Bruteforce-Mitigation-Bypass.htmlnão verificadoexploitdbwww.exploit-db.com/exploits/48746não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://packetstormsecurity.com/files/158875/Bludit-3.9.2-Authentication-Bruteforce-Mitigation-Bypass.htmlhttp://packetstormsecurity.com/files/159664/Bludit-3.9.2-Bruteforce-Mitigation-Bypass.htmlhttps://github.com/bludit/bludit/pull/1090https://rastating.github.io/bludit-brute-force-mitigation-bypass/