CVE-2019-3996

Medium

ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests.

tenable·CWE-441·Published 2019-12-17

CVSS

6.5

EPSS

0.06

KEV

Exploits

cve.orgen

140 chars

ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests.

NVDen

140 chars

ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests.

NVDes

188 chars

ELOG versión 3.1.4-57bea22 y anterior , puede ser usado como un proxy de petición HTTP GET cuando los atacantes remotos no autenticados envían peticiones HTTP POST especialmente diseñadas.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N