ID:5661 - Exploit for Improper Restriction of Excessive Authentication Attempts in Bludit - CVE-2019-17240

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:5661 - Exploit for Improper Restriction of Excessive Authentication Attempts in Bludit - CVE-2019-17240

ID:5661 - Exploit for Improper Restriction of Excessive Authentication Attempts in Bludit - CVE-2019-17240

Published: June 17, 2021


Vulnerability identifier: #VU35191
Vulnerability risk: High
CVE-ID: CVE-2019-17240
CWE-ID: CWE-307
Exploitation vector: Remote access
Vulnerable software:
Bludit

Link to public exploit:


Vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.


Remediation

Install update from vendor's website.