CVE-2018-10377

Sažetak

PortSwigger Burp Suite before 1.7.34 has Improper Certificate Validation of the Collaborator server certificate, which might allow man-in-the-middle attackers to obtain interaction data.

Reference

http://releases.portswigger.net/2018/06/1734.html
https://hackerone.com/reports/337680
https://integritylabs.io/advisories/cve-2018-10377

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

14-08-2018 - 14:26

Objavljeno

17-06-2018 - 16:29