CVE-2019-7228 - CERT CVE
ID CVE-2019-7228
Sažetak The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.
Reference
CVSS
Base: 5.8
Impact: 6.4
Exploitability:6.5
Pristup
VektorSloženostAutentikacija
ADJACENT_NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
PARTIAL PARTIAL PARTIAL
CVSS vektor AV:A/AC:L/Au:N/C:P/I:P/A:P
Zadnje važnije ažuriranje 30-11-2022 - 21:41
Objavljeno 27-06-2019 - 15:15