CVE-2019-17240

Critical

bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged…

mitre·CWE-307·Published 2019-10-06

CVSS

9.8

EPSS

0.40

KEV

Exploits

cve.orgen

180 chars

bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.

NVDen

180 chars

bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.

El archivo bl-kernel/security.class.php en Bludit versión 3.9.2, permite a atacantes omitir un mecanismo de protección de fuerza bruta mediante el uso de muchos encabezados HTTP X-Forward-For o Client-IP falsificados diferentes.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
3.0	Primary	cve.org	3.7	—	—	CVSS:3.0/AC:H/AV:N/A:N/C:L/I:N/PR:N/S:U/UI:N
3.0	Primary	cve.org	3.7	—	—	CVSS:3.0/AC:H/AV:N/A:N/C:L/I:N/PR:N/S:U/UI:N
3.0	Secondary	NVD	3.7	2.2	1.4	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H