Lucene search

K

PRIOn knowledge basePRION:CVE-2018-18506

HistoryFeb 05, 2019 - 9:29 p.m.

Design/Logic Flaw

2019-02-0521:29:00

PRIOn knowledge base

www.prio-n.com

7

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

6.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

67.2%

When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65.

CPENameOperatorVersion
ubuntu_linuxeq16.04
ubuntu_linuxeq14.04
ubuntu_linuxeq18.04
ubuntu_linuxeq18.10
debian_linuxeq8.0
debian_linuxeq9.0
firefoxlt65.0
leapeq42.3
leapeq15.0
enterprise_linuxeq8.0

Rows per page:

1-10 of 291

References

lists.opensuse.org/opensuse-security-announce/2019-03/msg00035.html

lists.opensuse.org/opensuse-security-announce/2019-03/msg00043.html

lists.opensuse.org/opensuse-security-announce/2019-04/msg00023.html

lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html

www.securityfocus.com/bid/106773

access.redhat.com/errata/RHSA-2019:0622

access.redhat.com/errata/RHSA-2019:0623

access.redhat.com/errata/RHSA-2019:0680

access.redhat.com/errata/RHSA-2019:0681

access.redhat.com/errata/RHSA-2019:0966

access.redhat.com/errata/RHSA-2019:1144

lists.debian.org/debian-lts-announce/2019/03/msg00024.html

lists.debian.org/debian-lts-announce/2019/04/msg00000.html

seclists.org/bugtraq/2019/Apr/0

seclists.org/bugtraq/2019/Mar/28

security.gentoo.org/glsa/201904-07

usn.ubuntu.com/3874-1/

usn.ubuntu.com/3927-1/

www.debian.org/security/2019/dsa-4411

www.debian.org/security/2019/dsa-4420

www.mozilla.org/security/advisories/mfsa2019-01/

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

6.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

67.2%

Related for PRION:CVE-2018-18506

alpinelinux1 veracode1 redhatcve1 cve1 debiancve1 ubuntucve1 kaspersky3 freebsd1 nessus50 ubuntu2 openvas22 osv4 oraclelinux6 centos4 debian4 mozilla3 archlinux1 mageia2 redhat6 altlinux2 amazon1 suse4 gentoo1