Lucene search
PRIOn knowledge basePRION:CVE-2016-10567HistoryMay 29, 2018 - 8:29 p.m.
Design/Logic Flaw
2018-05-2920:29:00
PRIOn knowledge base
www.prio-n.com
product-monitor is a HTML/JavaScript template for monitoring a product by encouraging product developers to gather all the information about the status of a product, including live monitoring, statistics, endpoints, and test results into one place. product-monitor versions below 2.2.5 download JavaScript resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested JavaScript file with an attacker controlled JavaScript file if the attacker is on the network or positioned in between the user and the remote server.
| CPE | Name | Operator | Version |
|---|---|---|---|
| product-monitor | lt | 2.2.5 |
References
Related
veracode
veracode
Man In The Middle (MitM)
2016-12-19 07:10:44
github
github
Downloads Resources over HTTP in product-monitor
2019-02-18 23:35:32
cve
cve
CVE-2016-10567
2018-05-29 20:29:00
osv
osv
Downloads Resources over HTTP in product-monitor
2019-02-18 23:35:32
nodejs
nodejs
Downloads Resources over HTTP
2016-11-30 21:50:56
nvd
nvd
CVE-2016-10567
2018-05-29 20:29:00
cvelist
cvelist
CVE-2016-10567
2018-04-26 00:00:00