ELOG < 3.1.4-033e292 DoS Vulnerability

Published: 2020-03-25 07:31:41

CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Detection Type:
Remote Banner Unreliable

Solution Type:
Vendor Patch

Summary:
ELOG is prone to a denial-of-service vulnerability.

Detection Method:
Checks if a vulnerable version is present on the target host.

Technical Details:
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ELOG Electronic Logbook. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HTTP parameters. A crafted request can trigger the dereference of a null pointer.

Impact:
An attacker can leverage this vulnerability to create a denial-of-service condition.

Affected Versions:
ELOG prior version 3.1.4-033e292.

Recommendations:
Update to version 3.1.4-033e292 or later.

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2020-8859

References:

https://elog.psi.ch/elogs/Forum/69114
https://www.zerodayinitiative.com/advisories/ZDI-20-252/

Severity

Medium

CVSS Score

5.0

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.

Vulnerabilities

Categories

CVE Database

Documentation

To perform a search, type a word and hit enter. Some suggestions are:

ELOG < 3.1.4-033e292 DoS Vulnerability

Published: 2020-03-25 07:31:41

CVE Author: NIST National Vulnerability Database (NVD)

You never have to pay for a vulnerability scanning and management software again.