[Forgot Password]
Login  Register Subscribe

23631

 
 

121819

 
 

98218

 
 

909

 
 

79224

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2017-14955

Date: (C)2017-10-04   (M)2017-11-15 


Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report.

CVSS Score: 4.3Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 2.9Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: NONE
 Availability: NONE





Reference:
EXPLOIT-DB-43021
http://mathias-kettner.com/check_mk_werks.php?edition_id=raw&branch=1.2.8
https://mathias-kettner.de/check_mk_werks.php?werk_id=5208&HTML=yes

CWE    1
CWE-362
OVAL    2
oval:org.secpod.oval:def:113340
oval:org.secpod.oval:def:113342

© 2013 SecPod Technologies