CVE-2019-11517

An old Cross-Site Request Forgery (CSRF) vulnerability in WampServer has not yet been fixed. The previous CVE for this vulnerability is CVE-2018-8817 (https://www.exploit-db.com/exploits/44385).

An attacker can still abuse this old flaw to have vhosts added to or deleted from the Apache configuration file.

The scores for this vulnerability are as follows:

CVSS 3.0

  • Impact Score: 3.6
  • Exploitability Score: 2.8
  • Base Score: 6.5

CVSS 2.0

  • Impact Score: 4.9
  • Exploitability Score: 8.6
  • Base Score: 5.8

Recommendation

It is advisable to update to WampServer 3.1.9.

Source: https://seclists.org/bugtraq/2019/Jun/10

Author: Wan Ariff
