CVE-2017-1000226
Published 2017-11-17
CVE-2017-1000226: Stop User Enumeration 1.3.8 allows user enumeration via the REST API
Priority P179 · medium · 5.3 · CVSS 3.0
AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:N / A:N
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 1.37% (68.6th percentile)
Stop User Enumeration 1.3.8 allows user enumeration via the REST API
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cobbler_project | cobbler | >= 0 < 2.4.1-0ubuntu2+esm1 | 2.4.1-0ubuntu2+esm1 |
| fullworksplugins | stop_user_enumeration | — | — |
CVSS provenance
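| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | — | 4.0 | MEDIUM | — |
| vulncheck | — | 5.3 | MEDIUM | — |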
OSV
cobbler vulnerabilities
osv·2023-11-13·CVSS 4.0
CVE-2014-3225 cobbler vulnerabilities
It was discovered that Cobbler did not properly handle user input, which
could result in an absolute path traversal. An attacker could possibly
use this issue to read arbitrary files. (CVE-2014-3225)
It was discovered that Cobbler did not properly handle user input, which
could result in command injection. An attacker could possibly use this
issue to execute arbitrary code with high privileges.
(CVE-2017-1000469, CVE-2021-45082)
It was discovered that Cobbler did not properly hide private functions in
a class. A remote attacker could possibly use this issue to gain high
privileges and upload files to an arbitrary location.
(CVE-2018-10931, CVE-2018-1000225, CVE-2018-1000226)
Nicolas Chatelain discovered that Cobbler did not properly handle user
input, which coul
GHSA
GHSA-4936-wqj9-mmwh: Stop User Enumeration 1
ghsa_unreviewed·2022-05-17
CVE-2017-1000226 [MEDIUM] CWE-200 GHSA-4936-wqj9-mmwh: Stop User Enumeration 1
Stop User Enumeration 1.3.8 allows user enumeration via the REST API
VulnCheck
fullworksplugins stop_user_enumeration Exposure of Sensitive Information to an Unauthorized Actor
vulncheck·2017·CVSS 5.3
CVE-2017-1000226 [MEDIUM] fullworksplugins stop_user_enumeration Exposure of Sensitive Information to an Unauthorized Actor
Stop User Enumeration 1.3.8 allows user enumeration via the REST API
Affected: fullworksplugins stop_user_enumeration
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-june-2024; https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-august-2024; https://www.f5.com/labs/articles/threat-intelligence/botpoke-scanner-switches-ip; https://www.f5.com/labs/articles/threat-intelligence/continued-scanning-for-cve-2023-1389
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.