CVE-2024-8651
19.09.2024, 17:15
A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch.Enginsight
| Vendor | Product | Version |
|---|---|---|
| netcat | netcat_content_management_system | 𝑥 < 6.4.0.24248 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-204 - Observable Response DiscrepancyThe product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.
- CWE-203 - Observable DiscrepancyThe product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.