Lucene search

K
cvelistMitreCVELIST:CVE-2019-17240
HistoryOct 06, 2019 - 6:32 p.m.

CVE-2019-17240

2019-10-0618:32:20
mitre
www.cve.org
8
cve-2019-17240
bludit
security bypass
brute-force protection
http headers

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

9.4

Confidence

High

EPSS

0.056

Percentile

93.5%

bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

9.4

Confidence

High

EPSS

0.056

Percentile

93.5%