Design/Logic Flaw

2019-12-0413:15:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.3%

JSON

TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a discrepancy between response headers when responding to different HTTP methods, also via predictible responses when accessing and interacting with the “SITE_PATH_QUERY”.

CPENameOperatorVersion
trevorc2eq1.2
trevorc2eq1.1

CPE	Name	Operator	Version
	trevorc2	eq	1.2
	trevorc2	eq	1.1

References

github.com/trustedsec/trevorc2/blob/master/CHANGELOG.txt

github.com/trustedsec/trevorc2/issues/18