Lucene search

[email protected]CVE-2019-8953

HistoryFeb 20, 2019 - 4:29 p.m.

CVE-2019-8953

2019-02-2016:29:00

CWE-79

[email protected]

web.nvd.nist.gov

haproxy

pfsense

xss

security

vulnerability

nvd

cve-2019-8953

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.065 Low

EPSS

Percentile

93.6%

JSON

The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php.

CPENameOperatorVersion
netgate:haproxynetgate haproxylt0.59_16

CPE	Name	Operator	Version
netgate:haproxy	netgate haproxy	lt	0.59_16

References

cxsecurity.com/issue/WLB-2019020153

github.com/pfsense/FreeBSD-ports/commit/2dded47b3202dfdf89aa96f84bf701b3d5acbe6c

github.com/pfsense/FreeBSD-ports/commit/3b40366aca55910b224ecf49d3fdacc9ad6c04f5

redmine.pfsense.org/issues/9335

www.exploit-db.com/exploits/46538/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.065 Low

EPSS

Percentile

93.6%

JSON

Related for CVE-2019-8953

zdt1 prion1 checkpoint_advisories1 packetstorm1 osv1