Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistDellCVELIST:CVE-2019-3799
HistoryMay 06, 2019 - 3:21 p.m.

CVE-2019-3799 Directory Traversal with spring-cloud-config-server

2019-05-0615:21:37
CWE-22
dell
www.cve.org
7

AI Score

6.7

Confidence

High

EPSS

0.026

Percentile

90.3%

JSON

Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.

CNA Affected

[
  {
    "product": "Spring Cloud Config",
    "vendor": "Spring",
    "versions": [
      {
        "lessThan": "v2.0.4.RELEASE",
        "status": "affected",
        "version": "2.0",
        "versionType": "custom"
      },
      {
        "lessThan": "v1.4.6.RELEASE",
        "status": "affected",
        "version": "1.4",
        "versionType": "custom"
      },
      {
        "lessThan": "v2.1.2.RELEASE",
        "status": "affected",
        "version": "2.1",
        "versionType": "custom"
      }
    ]
  }
]

Related

zdt 1
redhatcve 1
packetstorm 2
exploitpack 1
metasploit 1
veracode 1
nuclei 1
cve 1
exploitdb 1
nvd 1
osv 2
myhack58 1
prion 1
github 1
openvas 1
oracle 1
zdt
zdt
Spring Cloud Config 2.1.x - Path Traversal Exploit
2019-05-01 00:00:00
redhatcve
redhatcve
CVE-2019-3799
2019-05-13 08:25:09
packetstorm
packetstorm
Spring Cloud Config Server Directory Traversal
2024-09-01 00:00:00
Spring Cloud Config 2.1.x Path Traversal
2019-04-30 00:00:00
exploitpack
exploitpack
Spring Cloud Config 2.1.x - Path Traversal (Metasploit)
2019-04-30 00:00:00
metasploit
metasploit
Spring Cloud Config Server Directory Traversal
2019-04-18 07:24:34
veracode
veracode
Directory Traversal
2019-04-17 09:12:42
nuclei
nuclei
Spring Cloud Config Server - Local File Inclusion
2020-06-22 13:35:37
cve
cve
CVE-2019-3799
2019-05-06 16:29:01
exploitdb
exploitdb
Spring Cloud Config 2.1.x - Path Traversal (Metasploit)
2019-04-30 00:00:00
nvd
nvd
CVE-2019-3799
2019-05-06 16:29:01
osv
osv
Path Traversal in Spring Cloud Config
2019-05-23 08:39:23
CVE-2019-3799
2019-05-06 16:29:01
myhack58
myhack58
Spring Cloud Config directory traversal vulnerability, CVE-2019-3799οΌ‰early warning-vulnerability warning-the black bar safety net
2019-04-19 00:00:00
prion
prion
Directory traversal
2019-05-06 16:29:00
github
github
Path Traversal in Spring Cloud Config
2019-05-23 08:39:23
openvas
openvas
Generic HTTP Directory Traversal (Web Dirs) - Active Check
2021-07-22 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00

AI Score

6.7

Confidence

High

EPSS

0.026

Percentile

90.3%

JSON
Related for CVELIST:CVE-2019-3799
zdt1redhatcve1packetstorm2exploitpack1metasploit1veracode1nuclei1cve1exploitdb1nvd1osv2myhack581prion1github1openvas1oracle1