CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-17240

bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.746

EPSS Ranking 98.8%

CVSS Severity

CVSS v3 Score 3.7

CVSS v2 Score 4.3

References

http://packetstormsecurity.com/files/158875/Bludit-3.9.2-Authentication-Bruteforce-Mitigation-Bypass.html
http://packetstormsecurity.com/files/159664/Bludit-3.9.2-Bruteforce-Mitigation-Bypass.html
https://github.com/bludit/bludit/pull/1090
https://rastating.github.io/bludit-brute-force-mitigation-bypass/
http://packetstormsecurity.com/files/158875/Bludit-3.9.2-Authentication-Bruteforce-Mitigation-Bypass.html
http://packetstormsecurity.com/files/159664/Bludit-3.9.2-Bruteforce-Mitigation-Bypass.html
https://github.com/bludit/bludit/pull/1090
https://rastating.github.io/bludit-brute-force-mitigation-bypass/

Products affected by CVE-2019-17240

Bludit » Bludit » Version: 3.9.2

cpe:2.3:a:bludit:bludit:3.9.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-17240

Products

Pricing

Contact Us