7.5
CVE-2019-17598
- EPSS 0.7%
- Veröffentlicht 05.11.2019 15:15:12
- Zuletzt bearbeitet 21.11.2024 04:32:36
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Lightbend ≫ Play Framework Version >= 2.5.0 <= 2.5.19
Lightbend ≫ Play Framework Version >= 2.6.0 <= 2.6.23
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.7% | 0.482 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
https://www.playframework.com/security/vulnerability
https://www.playframework.com/security/vulnerability/CVE-2019-17598-PlayWSHttpConnectAuthorizationHeaders