Products
NetCat CMS
- 6.4.0.24126.2
- 6.4.0.24248
Source
vulnerability@kaspersky.com
Tags
CVE-2024-8651 details
Published : Sept. 19, 2024, 5:15 p.m.
Last Modified : Sept. 19, 2024, 5:15 p.m.
Last Modified : Sept. 19, 2024, 5:15 p.m.
Description
A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-204 | Observable Response Discrepancy | The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere. |
References
URL | Source |
---|---|
https://github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-001.md | vulnerability@kaspersky.com |
This website uses the NVD API, but is not approved or certified by it.