CVE-2019-17240

2019-10-0619:15:09

Google

osv.dev

6.6 Medium

AI Score

Confidence

Low

0.096 Low

EPSS

Percentile

94.8%

JSON

bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.

CPENameOperatorVersion
bluditeq0.6.2
bluditeq3.9.0
bluditeq0.5
bluditeq2.0-beta4
bluditeq2.0.2
bluditeq1.0-beta1
bluditeq3.0.0-alpha-2
bluditeq3.3.0
bluditeq1.5-beta2
bluditeq2.0-alpha1

Name	Operator	Version
bludit	eq	0.6.2
bludit	eq	3.9.0
bludit	eq	0.5
bludit	eq	2.0-beta4
bludit	eq	2.0.2
bludit	eq	1.0-beta1
bludit	eq	3.0.0-alpha-2
bludit	eq	3.3.0
bludit	eq	1.5-beta2
bludit	eq	2.0-alpha1