Multiple vulnerabilities in Tenable.sc
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 23 |
| CVE-ID | CVE-2017-9798 CVE-2017-9788 CVE-2018-1283 CVE-2017-15710 CVE-2017-15715 CVE-2017-3169 CVE-2017-7659 CVE-2019-3465 CVE-2017-7679 CVE-2017-7668 CVE-2018-1312 CVE-2018-1301 CVE-2019-1563 CVE-2019-1551 CVE-2019-1547 CVE-2019-1552 CVE-2018-17199 CVE-2018-17189 CVE-2018-1302 CVE-2018-1303 CVE-2018-1333 CVE-2018-11763 CVE-2017-3167 |
| CWE-ID | CWE-416 CWE-200 CWE-20 CWE-787 CWE-264 CWE-592 CWE-476 CWE-617 CWE-125 CWE-310 CWE-276 CWE-284 CWE-399 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #6 is available. Public exploit code for vulnerability #9 is available. |
| Vulnerable software Subscribe |
Tenable.sc Server applications / DLP, anti-spam, sniffers |
| Vendor | Tenable Network Security |
Security Bulletin
This security bulletin contains information about 23 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU8504
Risk: Low
CVSSv3.1: 5.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C]
CVE-ID: CVE-2017-9798
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to use-after-free error when processing HTTP OPTIONS requests in server/core.c, when limits are configured in .htaccess or httpd.conf configuration files. A remote unauthenticated attacker can read portions of memory through HTTP OPTIONS requests and gain access to potentially sensitive data.
The vulnerability is dubbed Optionsbleed.
MitigationUpdate Tenable.sc to version 5.13.0.
Tenable.sc: 5.12.0 - Patch 201911.2
External linkshttp://www.tenable.com/security/tns-2019-09
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
2) Information disclosure
EUVDB-ID: #VU7517
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-9788
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information on the targeted system.
The weakness exists due to improper initialization of the value placeholder in [Proxy-]Authorization headers of type 'Digest' before or between successive key=value assignments by mod_auth_digest. A remote attacker can provide an initial key with no '=' assignment to cause the stale value of uninitialized pool memory used by the prior request to leak.
Successful exploitation of the vulnerability results in information disclosure.
MitigationUpdate Tenable.sc to version 5.13.0.
Tenable.sc: 5.12.0 - Patch 201911.2
External linkshttp://www.tenable.com/security/tns-2019-09
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper access control
EUVDB-ID: #VU11282
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-1283
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to modify data on the target system.
The weakness exists on systems with mod_session configured with SessionEnv on to forward session data to CGI applications due to improper input validation. A remote attacker can send a specially
crafted 'Session' header value to potentially modify mod_session data.
Update Tenable.sc to version 5.13.0.
Tenable.sc: 5.12.0 - Patch 201911.2
External linkshttp://www.tenable.com/security/tns-2019-09
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds write
EUVDB-ID: #VU11283
Risk: Medium
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-15710
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in HTTPD mod_authnz_ldap due to improper validation of user-supplied input. A remote attacker can send a specially crafted Accept-Language header value, trigger an out-of-bounds memory write error and potentially cause
the target service to crash.
Update Tenable.sc to version 5.13.0.
Tenable.sc: 5.12.0 - Patch 201911.2
External linkshttp://www.tenable.com/security/tns-2019-09
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Security restrictions bypass
EUVDB-ID: #VU11284
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-15715
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists on systems that allow uploading of user-specified filenames due to the '<FilesMatch>' expression may not correctly match characters in a filename. A remote attacker can supply a specially crafted filename to potentially bypass security
controls that use the '<FilesMatch>' directive.
Update Tenable.sc to version 5.13.0.
Tenable.sc: 5.12.0 - Patch 201911.2
External linkshttp://www.tenable.com/security/tns-2019-09
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) NULL pointer dereference
EUVDB-ID: #VU7116
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-3169
CWE-ID:
CWE-592 - Authentication Bypass Issues
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform denial of service attack.
The vulnerability exists due to a NULL pointer dereference error within mod_ssl module, when third-party modules call ap_hook_process_connection() function during an HTTP request to an HTTPS port. A remote attacker can send a specially crafted HTTP request and crash the affected web server.
MitigationUpdate Tenable.sc to version 5.13.0.
Tenable.sc: 5.12.0 - Patch 201911.2
External linkshttp://www.tenable.com/security/tns-2019-09
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
7) NULL pointer dereference
EUVDB-ID: #VU7118
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-7659
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform denial of service attack.
The vulnerability exists due to a NULL pointer dereference error within mod_http2. A remote attacker can send a specially crafted HTTP/2 request and crash the affected process.
Successful exploitation of the vulnerability result in denial of service (DoS) attack.
MitigationUpdate Tenable.sc to version 5.13.0.
Tenable.sc: 5.12.0 - Patch 201911.2
External linkshttp://www.tenable.com/security/tns-2019-09
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Reachable Assertion
EUVDB-ID: #VU22596
Risk: Medium
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-3465
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication.
The vulnerability exists due to an assertion failure when processing signatures, related to XPath expression "./secdsig:SignedInfo/secdsig:Reference". A remote attacker with ability to retrieve IdP can impersonate any user i the application.
Successful exploitation of the vulnerability may allow an attacker to gain access to sensitive information or compromise the affected application.
Update Tenable.sc to version 5.13.0.
Tenable.sc: 5.12.0 - Patch 201911.2
External linkshttp://www.tenable.com/security/tns-2019-09
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds read
EUVDB-ID: #VU7119
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-7679
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to out-of-bounds read within the mod_mime when constructing Content-Type response header. A remote attacker read one byte pas the end of a buffer when sending a malicious Content-Type response header.
Mitigation
Update Tenable.sc to version 5.13.0.
Tenable.sc: 5.12.0 - Patch 201911.2
External linkshttp://www.tenable.com/security/tns-2019-09
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
10) Out-of-bound read
EUVDB-ID: #VU7117
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-7668
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing token lists within ap_find_token() function. A remote unauthenticated attacker can create a specially crafted sequence of HTTP headers and refer to data past the end of the search string.
Successful exploitation of this vulnerability results segmentation fault and web server crash.
MitigationUpdate Tenable.sc to version 5.13.0.
Tenable.sc: 5.12.0 - Patch 201911.2
External linkshttp://www.tenable.com/security/tns-2019-09
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Security restrictions bypass
EUVDB-ID: #VU11279
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-1312
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists in Apache HTTPD mod_auth_digest due to improper generation of HTTP Digest authentication nonce. A remote attacker can replay HTTP requests across the cluster without detection by the target server(s) and bypass replay protection.
Update Tenable.sc to version 5.13.0.
Tenable.sc: 5.12.0 - Patch 201911.2
External linkshttp://www.tenable.com/security/tns-2019-09
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Out-of-bounds read
EUVDB-ID: #VU11281
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-1301
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to improper validation of user-supplied input. A remote attacker can send a specially crafted HTTP request to trigger an out-of-bounds
memory access error after a header size limit has been reached to cause
the target service to crash.
Update Tenable.sc to version 5.13.0.
Tenable.sc: 5.12.0 - Patch 201911.2
External linkshttp://www.tenable.com/security/tns-2019-09
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Padding oracle attack
EUVDB-ID: #VU21045
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-1563
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform padding oracle attack.
The vulnerability exists due to possibility to perform a Bleichenbacher padding oracle attack against the RSA key, in situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker. A remote attacker can send a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key.
MitigationUpdate Tenable.sc to version 5.13.0.
Tenable.sc: 5.12.0 - Patch 201911.2
External linkshttp://www.tenable.com/security/tns-2019-09
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Cryptographic issues
EUVDB-ID: #VU23451
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-1551
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an overflow issue within the rsaz_512_sqr(): the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. A remote attacker can perform an attack against DH512 keys.
Update Tenable.sc to version 5.13.0.
Tenable.sc: 5.12.0 - Patch 201911.2
External linkshttp://www.tenable.com/security/tns-2019-09
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Cryptographic issues
EUVDB-ID: #VU21043
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-1547
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to decrypt traffic.
The vulnerability exists due to insufficient enforcement of side channel resistant code paths. A remote attacker with ability to create a large number of signatures, where explicit parameters with no co-factor is present, can force the application to fall back to non-side channel resistant code pathsduring ECDSA signature operation and perform full key recovery.
Successful exploitation of the vulnerability may allow an attacker to decrypt communication between server and client.
MitigationUpdate Tenable.sc to version 5.13.0.
Tenable.sc: 5.12.0 - Patch 201911.2
External linkshttp://www.tenable.com/security/tns-2019-09
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Incorrect default permissions
EUVDB-ID: #VU19563
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2019-1552
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass security restrictions.
The vulnerability exists due to OpenSSL uses insecure by default directory with potentially insecure permissions for the OPENSSLDIR on Windows. A local user can modify OpenSSL's default configuration within the 'C:/usr/local' folder, insert CA certificates, modify (or even replace) existing engine modules and bypass security restrictions, based on OpenSSL security mechanisms.
Update Tenable.sc to version 5.13.0.
Tenable.sc: 5.12.0 - Patch 201911.2
External linkshttp://www.tenable.com/security/tns-2019-09
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Security restrictions bypass
EUVDB-ID: #VU17178
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-17199
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to mod_session checks the session expiry time before decoding the session. A remote attacker сan cause session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded and reuse old session credentials or session IDs, which the attacker could use to access web pages previously accessed by a targeted user.
Update Tenable.sc to version 5.13.0.
Tenable.sc: 5.12.0 - Patch 201911.2
External linkshttp://www.tenable.com/security/tns-2019-09
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Input validation error
EUVDB-ID: #VU17177
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-17189
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to an error when handling malicious input. A remote attacker can send a specially crafted request bodies in a slow loris way to plain resources and cause the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data.
Update Tenable.sc to version 5.13.0.
Tenable.sc: 5.12.0 - Patch 201911.2
External linkshttp://www.tenable.com/security/tns-2019-09
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Null pointer dereference
EUVDB-ID: #VU11287
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-1302
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to improper destruction of an HTTP/2 stream after being handled. A remote attacker can send a specially crafted HTTP/2 stream, write a NULL pointer value to an already freed memory space and cause the service to crash.
Update Tenable.sc to version 5.13.0.
Tenable.sc: 5.12.0 - Patch 201911.2
External linkshttp://www.tenable.com/security/tns-2019-09
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Out-of-bounds read
EUVDB-ID: #VU11280
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-1303
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in Apache HTTPD mod_cache_socache due to improper validation of user-supplied input. A remote attacker can send a specially crafted HTTP request header, trigger an out-of-bounds memory read error in mod_cache_socache and
cause the target service to crash.
Update Tenable.sc to version 5.13.0.
Tenable.sc: 5.12.0 - Patch 201911.2
External linkshttp://www.tenable.com/security/tns-2019-09
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Improper input validation
EUVDB-ID: #VU13908
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-1333
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to insufficient filtering of incoming data within "mod_http2" apache module. A remote attacker can send a specially crafted HTTP request to the affected web server and trigger daemon crash.
Update Tenable.sc to version 5.13.0.
Tenable.sc: 5.12.0 - Patch 201911.2
External linkshttp://www.tenable.com/security/tns-2019-09
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Resource management error
EUVDB-ID: #VU14913
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-11763
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect handling of large SETTINGS frames in HTTP/2 connections. A remote attacker can repeatedly send large SETTINGS frames within an established HTTP/2 connection and consume all available threads and CPU time.
Successful exploitation of the vulnerability may allow an attacker to perform a denial of service (DoS) attack.
MitigationUpdate Tenable.sc to version 5.13.0.
Tenable.sc: 5.12.0 - Patch 201911.2
External linkshttp://www.tenable.com/security/tns-2019-09
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Authentication bypass
EUVDB-ID: #VU7115
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-3167
CWE-ID:
CWE-592 - Authentication Bypass Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to usage of the ap_get_basic_auth_pw() function by third-party modules outside of the authentication phase. A remote attacker can create a specially crafted HTTP request to vulnerable web server, bypass authentication requirements and gain unauthorized access to otherwise protected information.
MitigationUpdate Tenable.sc to version 5.13.0.
Tenable.sc: 5.12.0 - Patch 201911.2
External linkshttp://www.tenable.com/security/tns-2019-09
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
