CVE-2019-10904

Published: 06/04/2019 Updated: 09/04/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
debian debian linux 8.0
roundup-tracker roundup 1.6

Debian Bug report logs - #926587 roundup: CVE-2019-10904 Package: roundup; Maintainer for roundup is Kai Storbeck <kai@xs4allnl>; Source for roundup is src:roundup (PTS, buildd, popcon) Reported by: "Chris Lamb" <lamby@debianorg> Date: Sun, 7 Apr 2019 12:03:02 UTC Severity: grave Tags: security Found in version ...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Fri, Apr 05, 2019 at 11:45:01AM +0200, Hanno Böck wrote: MITRE assigned CVE-2019-10904 for this vulnerability - -- Henri Salo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE/aVSDznAZReWTkxKJ633pE6qdXQFAlypwzcACgkQJ633pE6q dXTd0hAAp4/CcLcf1EAEkk3OjPwYTmCWb35N/NeWV3YsK/c+iqAu9U+4zqhuFqqC hzCjW ...

CWE-79 https://www.openwall.com/lists/oss-security/2019/04/05/1 https://github.com/python/bugs.python.org/issues/34 https://bugs.python.org/issue36391 http://www.openwall.com/lists/oss-security/2019/04/07/1 https://lists.debian.org/debian-lts-announce/2019/04/msg00009.html https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926587

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-10904

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect