Vulnerability CVE-2019-11642


Published: 2019-05-08

Description:
A log poisoning vulnerability has been discovered in the OneShield Policy (Dragon Core) framework before 5.1.10. Authenticated remote adversaries can poison log files by entering malicious payloads in either headers or form elements. These payloads are then executed via a client-side debugging console. This is predicated on the debugging console and Java Bean being made available to the deployed application.

See advisories in our WLB2 database:
Topic: Dragon 5.0 / 5.1 Log Poisoning (Med.)
Author: Josh Sheppard
Date: 06.05.2019

Type: CWE-74

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score: 6.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8/10

Exploit range: Remote
Attack complexity: Low
Authentication: Single time

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

References:
http://seclists.org/fulldisclosure/2019/May/1
https://oneshield.com/business-solutions/oneshield-pc-solutions/oneshield-policy/

Copyright 2024, cxsecurity.com

 
