CVE-2019-1577
published 2019-07-01 · CVE-2019-1577: Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML.
Priority: P3 · 35 · medium · CVSS 3.0: 6.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS: 0.90% (55.2th percentile)
Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | traps | — | — |
| paloalto | traps | — | — |
| paloaltonetworks | traps | 4.1 – 5.0.5 | — |
CVSS provenance
NVD v3.0: 6.3 MEDIUM · CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
NVD v2.0: 6.5 MEDIUM · AV:N/AC:L/Au:S/C:P/I:P/A:P
Palo Alto
Code Injection Vulnerability in Traps
vendor_paloalto·2019-06-27·CVSS 6.3
CVE-2019-1577 [MEDIUM] CWE-94 Code Injection Vulnerability in Traps
Code injection vulnerability exists in Palo Alto Networks Traps. (Ref: CVE-2019-1577)
Successful exploitation of this issue may allow an authenticated attacker to inject arbitrary JavaScript or HTML.
This issue affects Traps 5.0.5 and earlier, including all 4.x releases. These releases did not have the file protection (SPROT) enabled by default. Traps 5.0.6, 6.0 and later are NOT affected.
Affected products: Traps
Solution: Traps 5.0.6 and later
Workaround: Configure Agent Security options that prevent unauthorized access to or tampering with Traps components. Instructions are located at (see step 6) https://docs.paloaltonetworks.com/traps/tms/traps-management-service-admin/manage-endpoint-policy/traps-profiles/add-agent-settings-profile
GHSA
GHSA-7wp2-4893-x9p6: Code injection vulnerability in Palo Alto Networks Traps 5
ghsa_unreviewed·2022-05-24
CVE-2019-1577 [MEDIUM] CWE-94 GHSA-7wp2-4893-x9p6: Code injection vulnerability in Palo Alto Networks Traps 5
Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-13113 exiv2: invalid data location in CRW image file causing denial of service
bugzilla·2019-07-10·CVSS 6.5
CVE-2019-13113 [MEDIUM] CVE-2019-13113 exiv2: invalid data location in CRW image file causing denial of service
Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file.
Reference:
https://github.com/Exiv2/exiv2/issues/841
https://github.com/Exiv2/exiv2/pull/842
Discussion:
Created exiv2 tracking bugs for this issue:
Affects: fedora-all [bug 1728493]
---
Upstream patch:
https://github.com/Exiv2/exiv2/commit/6212806b7637be683a56c769a8d905153996d933 [master branch]
https://github.com/Exiv2/exiv2/commit/7798ae25574425271305fffe85de77bec8df03f1 [0.27-maintenance branch]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2020:1577 https://access.redhat.com/errata/RHSA-2
Bugzilla
CVE-2019-9143 exiv2: infinite recursion in Exiv2::Image::printTiffStructure in file image.cpp resulting in denial of service
bugzilla·2019-03-01·CVSS 8.8
CVE-2019-9143 [HIGH] CVE-2019-9143 exiv2: infinite recursion in Exiv2::Image::printTiffStructure in file image.cpp resulting in denial of service
An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Reference:
https://github.com/Exiv2/exiv2/issues/711
https://research.loginsoft.com/vulnerability/uncontrolled-recursion-loop-in-exiv2imageprinttiffstructure-exiv2-0-27/
Discussion:
Created exiv2 tracking bugs for this issue:
Affects: fedora-all [bug 1684382]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2020:1577 https://access.redh