Kirona Dynamic Resource Scheduler - Information Disclosure

28 Aug 2021 09:21:51 · Reported by ProjectDiscovery · Type: nuclei · Source: github.com

Kirona Dynamic Resource Scheduler - Information Disclosure. The vulnerability allows unauthenticated access to sensitive information, including SQL queries.


Related

Reporter | Title | Published | Family
NVD | CVE-2019-17503 | 11 Oct 2019 17:15 | nvd
Circl | CVE-2019-17503 | 5 Feb 2025 00:00 | circl
RedhatCVE | CVE-2019-17503 | 22 May 2025 10:02 | redhatcve
Cvelist | CVE-2019-17503 | 11 Oct 2019 16:21 | cvelist
Prion | Design/Logic Flaw | 11 Oct 2019 17:15 | prion
CVE | CVE-2019-17503 | 11 Oct 2019 17:15 | cve
0day.today | Kirona-DRS 5.5.3.5 - Information Disclosure Vulnerability | 14 Oct 2019 00:00 | zdt
Packet Storm | Kirona-DRS 5.5.3.5 Information Disclosure | 14 Oct 2019 00:00 | packetstorm
Exploit DB | Kirona-DRS 5.5.3.5 - Information Disclosure | 14 Oct 2019 00:00 | exploitdb
exploitpack | Kirona-DRS 5.5.3.5 - Information Disclosure | 14 Oct 2019 00:00 | exploitpack

id: CVE-2019-17503

info:
  name: Kirona Dynamic Resource Scheduler - Information Disclosure
  author: LogicalHunter
  severity: medium
  description: Kirona Dynamic Resource Scheduler is susceptible to information disclosure. An unauthenticated user can directly access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd), which contains sensitive information with exposed SQL queries, such as database version, table name, and column name.
  remediation: |
    Apply the latest patch or update provided by the vendor to fix the information disclosure vulnerability.
  reference:
    - https://www.exploit-db.com/exploits/47498
    - https://github.com/Ramikan/Vulnerabilities/blob/master/Kirona-DRS%205.5.3.5%20Multiple%20Vulnerabilities
    - http://packetstormsecurity.com/files/154838/Kirona-DRS-5.5.3.5-Information-Disclosure.html
    - https://nvd.nist.gov/vuln/detail/CVE-2019-17503
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2019-17503
    cwe-id: CWE-425
    epss-score: 0.00433
    epss-percentile: 0.71885
    cpe: cpe:2.3:a:kirona:dynamic_resource_scheduling:5.5.3.5:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: kirona
    product: dynamic_resource_scheduling
  tags: cve,cve2019,exposure,edb,packetstorm,kirona

http:
  - method: GET
    path:
      - "{{BaseURL}}/osm/REGISTER.cmd"
      - "{{BaseURL}}/osm_tiles/REGISTER.cmd"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "DEBUGMAPSCRIPT=TRUE"
          - "@echo off"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a004730450221009794a6fd4393aacd5631ea272891950c66f143784d27140f740b96adf7879bf602205cba01af99e3bec35f7b53095f37f630541fbc8b5291b83327cb7cbcd1cf421d:922c64590222798bb761d5b6d8e72950
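
A defender-side companion to the template above, added here as an example (it is not part of the nuclei template or the ProjectDiscovery project): it reviews web server access logs for requests to the two REGISTER.cmd paths and separates requests that were served (status 200) from refused probes. The Combined Log Format, the case-insensitive path comparison, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Paths named in the template above; compared case-insensitively
# (assumption: the host file system may be case-insensitive).
EXPOSED_PATHS = {"/osm/register.cmd", "/osm_tiles/register.cmd"}

# Assumed format: host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize(target):
    """Drop query/fragment, percent-decode, collapse slashes, lowercase."""
    path = unquote(urlsplit(target).path)
    return re.sub(r"/+", "/", path).lower()

def find_register_cmd_hits(lines):
    """Return (host, time, path, status, served) for requests to the file."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        path = normalize(m["target"])
        if path in EXPOSED_PATHS:
            status = int(m["status"])
            # 200 means the file was handed out; any other status is a
            # request the server refused or could not satisfy.
            hits.append((m["host"], m["time"], path, status, status == 200))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [14/Oct/2019:10:01:02 +0000] "GET /osm/REGISTER.cmd HTTP/1.1" 200 1843 "-" "curl/7.64"',
    '198.51.100.7 - - [14/Oct/2019:10:01:03 +0000] "GET /osm_tiles/register.cmd?x=1 HTTP/1.1" 404 196 "-" "curl/7.64"',
    '203.0.113.9 - - [14/Oct/2019:10:05:00 +0000] "GET /osm//%52EGISTER.cmd HTTP/1.1" 200 1843 "-" "-"',
    '203.0.113.9 - - [14/Oct/2019:10:06:00 +0000] "GET /osm/tiles.png HTTP/1.1" 200 512 "-" "-"',
]

if __name__ == "__main__":
    for host, when, path, status, served in find_register_cmd_hits(SAMPLE_LOG):
        print(f"{'SERVED' if served else 'probe '} {status} {host} {when} {path}")
```

A served hit means the file contents left the server, so the SQL details it exposes should be treated as disclosed to that client.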

28 Aug 2021 09:51 (current)
Vulners AI Score: 5.5 (Medium risk)
CVSS2: 5
CVSS3: 5.3
EPSS: 0.9022