CVE-2019-17240
First published: Sun Oct 06 2019(Updated: )
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bludit | =3.9.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/158875/Bludit-3.9.2-Authentication-Bruteforce-Mitigation-Bypass.html
- http://packetstormsecurity.com/files/159664/Bludit-3.9.2-Bruteforce-Mitigation-Bypass.html
- https://github.com/bludit/bludit/pull/1090
- https://rastating.github.io/bludit-brute-force-mitigation-bypass/
Frequently Asked Questions
What is the vulnerability ID for this Bludit vulnerability?
The vulnerability ID for this Bludit vulnerability is CVE-2019-17240.
What is the title of this Bludit vulnerability?
The title of this Bludit vulnerability is 'bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism'.
What is the severity level of CVE-2019-17240?
CVE-2019-17240 has a severity level of critical.
What software version is affected by CVE-2019-17240?
Bludit version 3.9.2 is affected by CVE-2019-17240.
How can attackers exploit CVE-2019-17240?
Attackers can exploit CVE-2019-17240 by using many different forged X-Forwarded-For or Client-IP HTTP headers to bypass the brute-force protection mechanism.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/bludit
- canonical/bludit
- version/bludit/3.9.2