CVE-2021-35233

EPSS 0.99%
Veröffentlicht 27.10.2021 01:15:07
Zuletzt bearbeitet 21.11.2024 06:12:06
Quelle psirt@solarwinds.com
CVE-Watchlists
Login
Unerledigt
Login

The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning exact HTTP request that was received in the response to the client. This may lead to the disclosure of sensitive information such as internal authentication headers appended by reverse proxies.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 0 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Solarwinds ≫ Kiwi Syslog Server Version <= 9.7.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.99%	0.748

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
psirt@solarwinds.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://documentation.solarwinds.com/en/success_center/kss/content/release_notes/kss_9-8_release_notes.htm

Vendor Advisory

Release Notes

https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35233

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2021-35233

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-35233

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-35233

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-35233