Multiple vulnerabilities in Bludit



Published: 2019-09-08 | Updated: 2020-08-09
Risk: High
Patch available: Yes
Number of vulnerabilities: 2
CVE-ID: CVE-2019-17240, CVE-2019-16113
CWE-ID: CWE-307, CWE-94
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Vulnerable software: Bludit (Web applications / CMS)

Vendor: Bludit

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Improper Restriction of Excessive Authentication Attempts

EUVDB-ID: #VU35191

Risk: High

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-17240

CWE-ID: CWE-307 - Improper Restriction of Excessive Authentication Attempts

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to bypass the login brute-force protection and mount password-guessing attacks against Bludit accounts.

bl-kernel/security.class.php in Bludit 3.9.2 keys its failed-login counter on the client address, and that address is taken from the X-Forwarded-For or Client-IP HTTP header whenever one is present. Both headers are attacker-controlled, so sending a different forged value with every login request resets the counter and the lockout threshold is never reached. Credentials recovered this way give access to the administration panel, which is the precondition for vulnerability #2 below.
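The following simulation is an added example written for this bulletin; it is not Bludit's security.class.php. It assumes a per-address failure counter with a fixed threshold (MAX_FAILURES), and that the vulnerable lookup prefers X-Forwarded-For, then Client-IP, then REMOTE_ADDR. It shows the counter never filling when the attacker rotates the header, and a hardened lookup that only honours X-Forwarded-For when the TCP peer is a proxy the operator runs.

```python
# Added, illustrative simulation written for this bulletin; it is NOT
# Bludit's bl-kernel/security.class.php.  Assumed: a per-address failure
# counter with a fixed threshold, and header precedence X-Forwarded-For,
# then Client-IP, then REMOTE_ADDR for the vulnerable lookup.
from collections import defaultdict

MAX_FAILURES = 10  # assumed lockout threshold


def client_ip_vulnerable(request):
    """Trusts proxy headers from any peer, so the key is attacker-chosen."""
    for header in ("HTTP_X_FORWARDED_FOR", "HTTP_CLIENT_IP"):
        value = request.get(header)
        if value:
            return value.split(",")[0].strip()  # leftmost hop
    return request["REMOTE_ADDR"]


def client_ip_hardened(request, trusted_proxies=frozenset()):
    """Honours X-Forwarded-For only when the TCP peer is a proxy we operate.

    Our proxy appends the address it saw to the header, so the rightmost
    entry is the one it wrote; anything to the left is client-supplied.
    (With a chain of own proxies, walk right-to-left skipping trusted ones.)
    """
    peer = request["REMOTE_ADDR"]
    xff = request.get("HTTP_X_FORWARDED_FOR", "")
    if peer in trusted_proxies and xff:
        return xff.split(",")[-1].strip()
    return peer


class LoginThrottle:
    """Counts failed logins per key and refuses once the threshold is hit."""

    def __init__(self, ip_func, **ip_kwargs):
        self.ip_func = ip_func
        self.ip_kwargs = ip_kwargs
        self.failures = defaultdict(int)

    def attempt(self, request, password_ok):
        key = self.ip_func(request, **self.ip_kwargs)
        if self.failures[key] >= MAX_FAILURES:
            return "locked"
        if password_ok:
            self.failures[key] = 0
            return "ok"
        self.failures[key] += 1
        return "denied"


def brute_force(throttle, attempts, rotate_header):
    """Constructed attack traffic: one TCP source (203.0.113.7), wrong
    password every time, optionally a fresh X-Forwarded-For per request."""
    results = []
    for i in range(attempts):
        request = {"REMOTE_ADDR": "203.0.113.7"}
        if rotate_header:
            request["HTTP_X_FORWARDED_FOR"] = f"10.0.{i // 256}.{i % 256}"
        results.append(throttle.attempt(request, password_ok=False))
    return results


if __name__ == "__main__":
    for name, throttle in [
        ("vulnerable, header rotated", LoginThrottle(client_ip_vulnerable)),
        ("hardened, header rotated", LoginThrottle(client_ip_hardened)),
    ]:
        outcome = brute_force(throttle, 50, rotate_header=True)
        print(f"{name}: {outcome.count('denied')} guesses evaluated, "
              f"{outcome.count('locked')} refused")
```

Against the vulnerable lookup all 50 guesses are evaluated; the hardened lookup evaluates MAX_FAILURES and refuses the rest. Note that the hardened variant is only safe if the trusted proxy itself strips or overwrites client-supplied X-Forwarded-For and Client-IP headers; if an attacker can reach the application without passing through the proxy, only REMOTE_ADDR can be trusted.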

Mitigation

Install update from vendor's website. If Bludit is deployed behind a reverse proxy, also make sure the proxy strips client-supplied X-Forwarded-For and Client-IP headers before forwarding, so the application never derives a client address from a value the attacker chose. In web server logs, an attack shows up as a burst of login POSTs from a single source address carrying a different X-Forwarded-For or Client-IP value on each request.

Vulnerable software versions

Bludit: 3.9.2

External links

http://github.com/bludit/bludit/pull/1090
http://rastating.github.io/bludit-brute-force-mitigation-bypass/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Code Injection

EUVDB-ID: #VU35528

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-16113

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: Yes

Description

The vulnerability allows a remote authenticated user to execute arbitrary code.

Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php. The upload handler validates only the file extension, so a file with a .jpg name may contain PHP code, and the directory the file is written to is built from a request parameter that is not checked for ../ sequences, so the attacker controls where under the web root the file lands (the linked advisories describe this as a directory traversal in the image upload). PHP code placed this way can then write further PHP code to a ../ pathname.
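The following is an added example written for this bulletin, not Bludit's upload-images.php. It assumes uploads live under UPLOAD_ROOT/pages/<uuid>/ and that the uuid token is alphanumeric with dashes (both are assumptions for illustration). The vulnerable form reproduces the two weaknesses described above, an extension-only check and an unvalidated directory token, and the hardened form whitelists the token, derives the file name from the content, checks the image magic bytes, and refuses any resolved path outside the upload root.

```python
# Added, illustrative upload-path handling written for this bulletin; it is
# NOT Bludit's bl-kernel/ajax/upload-images.php.  Assumed: uploads live under
# UPLOAD_ROOT/pages/<uuid>/ and the uuid token is alphanumeric with dashes.
import hashlib
import os
import re

UPLOAD_ROOT = "/var/www/site/bl-content/uploads"  # assumed layout
ALLOWED_EXT = (".jpg", ".jpeg", ".png", ".gif")
IMAGE_MAGIC = {
    b"\xff\xd8\xff": "jpg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
UUID_RE = re.compile(r"\A[A-Za-z0-9-]{1,64}\Z")


def target_path_vulnerable(uuid, filename):
    """Extension check only, and the caller-supplied uuid is joined into the
    path as-is, so '../' segments walk out of the upload tree."""
    if not filename.lower().endswith(ALLOWED_EXT):
        raise ValueError("extension not allowed")
    # normpath shows where the file really lands after '..' resolution
    return os.path.normpath(os.path.join(UPLOAD_ROOT, "pages", uuid, filename))


def target_path_hardened(uuid, content):
    """Whitelist the directory token, derive the name from content, and refuse
    any resolved path outside UPLOAD_ROOT."""
    if not UUID_RE.match(uuid):
        raise ValueError("bad uuid")
    ext = next((e for magic, e in IMAGE_MAGIC.items()
                if content.startswith(magic)), None)
    if ext is None:
        raise ValueError("not an image")
    # Heuristic defence-in-depth against image/PHP polyglots; the real control
    # is that the upload tree is never served through the PHP handler.
    if b"<?" in content:
        raise ValueError("script tag inside image payload")
    safe_name = hashlib.sha256(content).hexdigest()[:16] + "." + ext
    full = os.path.normpath(os.path.join(UPLOAD_ROOT, "pages", uuid, safe_name))
    if os.path.commonpath([UPLOAD_ROOT, full]) != UPLOAD_ROOT:
        raise ValueError("path escapes upload root")
    return full


def rejects(uuid, content):
    """True when the hardened handler refuses the upload."""
    try:
        target_path_hardened(uuid, content)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed inputs: a traversal token and a JPEG header with PHP appended.
    print(target_path_vulnerable("../../../../tmp", "shell.jpg"))
    print(rejects("../../../../tmp", b"\xff\xd8\xff" + b"\x00" * 16))
    print(rejects("abc-123", b"\xff\xd8\xff<?php echo 1; ?>"))
```

Neither the magic-byte check nor the polyglot heuristic is sufficient on its own: a valid image can carry PHP in its trailing bytes. What stops execution is that the written file can only ever land inside the upload tree, and that the web server is configured not to run scripts from there.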

Mitigation

Install update from vendor's website. Until the update is applied, limit accounts that can reach the image upload endpoint to trusted users (it requires a valid login, which vulnerability #1 makes easier to obtain), and configure the web server so that files under the upload directory are never executed as PHP.

Vulnerable software versions

Bludit: 3.9.2

External links

http://packetstormsecurity.com/files/155295/Bludit-Directory-Traversal-Image-File-Upload.html
http://packetstormsecurity.com/files/157988/Bludit-3.9.12-Directory-Traversal.html
http://packetstormsecurity.com/files/158569/Bludit-3.9.2-Directory-Traversal.html
http://github.com/bludit/bludit/issues/1081


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
