3dcyber (4)

Last Login: April 26, 2024

Assessments

Score

3dcyber's Latest (2) Contributions

Sort by:

Filter by:

3dcyber assessed CVE-2022-31129

September 07, 2023 2:07pm UTC (7 months ago)

Ratings

Attacker Value

Medium

Exploitability

Very High

Easy to weaponize Unauthenticated Vulnerable in default configuration No useful access

Technical Analysis

This vulnerability causes a denial of service in applications that use the moment library in the vulnerable versions.

When it is a javascript application on node.js, the impact of the vulnerability is greater.
When the application only loads or uses the library on the frontend, the impact is less since the denial of service is local to the browser.

3dcyber assessed CVE-2020-11100

April 23, 2020 1:18pm UTC (4 years ago)

Ratings

Attacker Value

High

Exploitability

High

Gives privileged access Unauthenticated Vulnerable in default configuration Vulnerable in uncommon configuration

Technical Analysis

This vulnerability affects HAProxy and does not require prior authentication as indicated by the CVSS score. Hopefully there is an update to the CVSS.

This vulnerability allows RCE when HTTP2 is enabled on HAProxy. There is a PoC exploit created by the researcher who discovered the vulnerability.

Note that in some solutions HTTP2 on HAProxy may be enabled by default.

To defend against this vulnerability:

HAproxy patches can be applied.
As workaroud you can disable HTTP2.

This site uses cookies for anonymized analytics. For more information or to change your cookie settings, view our Cookie Policy.

3dcyber (4)

Last Login: April 26, 2024

3dcyber's Latest (2) Contributions

Ratings

Technical Analysis

Ratings

Technical Analysis

Quick Cookie Notification