CVE-2019-17503
published 2019-10-11CVE-2019-17503: An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd)…
PriorityP180medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
49.24%
98.7th percentile
An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd) directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database information such as database version, table name, column name, etc.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kirona | dynamic_resource_scheduling | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Send an unauthenticated HTTP GET request to /osm/REGISTER.cmd and /osm_tiles/REGISTER.cmd; a vulnerable server returns HTTP 200 with a response body containing both '@echo off' and 'DEBUGMAPSCRIPT=TRUE', indicating the batch file is publicly accessible. ↗
- →The exposed REGISTER.cmd file reveals MySQL credentials and connection parameters via environment variables (%MYSQL_LOGIN%, %MYSQL_PASSWORD%, %MYSQL_TCP_PORT%) embedded in plaintext SQL invocation lines, enabling further database compromise. ↗
- →Use the Shodan dork '/opt-portal/pages/login.xhtml' to identify internet-exposed Kirona DRS instances that may be vulnerable. ↗
- →The vulnerable server response includes the header 'X-Powered-By: PHP/5.6.14' and 'Server: Apache', which can help fingerprint affected installations. ↗
- ·The Nuclei template issues two requests (to both /osm/REGISTER.cmd and /osm_tiles/REGISTER.cmd) since either path alias may be accessible depending on server configuration. ↗
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck5.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-2fff-jm87-282r: An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5
ghsa_unreviewed·2022-05-24
CVE-2019-17503 [MEDIUM] CWE-200 GHSA-2fff-jm87-282r: An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5
An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd) directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database information such as database version, table name, column name, etc.
VulnCheck
kirona dynamic_resource_scheduling Direct Request ('Forced Browsing')
vulncheck·2019·CVSS 5.3
CVE-2019-17503 [MEDIUM] kirona dynamic_resource_scheduling Direct Request ('Forced Browsing')
kirona dynamic_resource_scheduling Direct Request ('Forced Browsing')
An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd) directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database information such as database version, table name, column name, etc.
Affected: kirona dynamic_resource_scheduling
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-26&host_type=src&vulnerability=cve-2019-1750
No detection rules found.
Exploit-DB
Kirona-DRS 5.5.3.5 - Information Disclosure
exploitdb·2019-10-14·CVSS 5.3
CVE-2019-17503 [MEDIUM] Kirona-DRS 5.5.3.5 - Information Disclosure
Kirona-DRS 5.5.3.5 - Information Disclosure
---
# Exploit Title: Kirona-DRS 5.5.3.5 - Information Disclosure
# Discovered Date: 2019-10-03
# Shodan Search: /opt-portal/pages/login.xhtml
# Exploit Author: Ramikan
# Vendor Homepage: https://www.kirona.com/products/dynamic-resource-scheduler/
# Affected Version: DRS 5.5.3.5 may be other versions.
# Tested On Version: DRS 5.5.3.5 on PHP/5.6.14
# Vendor Fix: Unknown
# CVE: CVE-2019-17503,CVE-2019-17504
# Category: Web Apps
# Reference : https://github.com/Ramikan/Vulnerabilities/blob/master/Kirona-DRS 5.5.3.5 Multiple Vulnerabilities
# Description:
# The application is vulnerable to the HTML injection, reflected cross site scripting and sensitive data disclosure.
# Vulnerabiity 1:HTML injection and (CVE-2019-17504)
# An issue was discovered
Nuclei
Kirona Dynamic Resource Scheduler - Information Disclosure
nuclei·CVSS 5.3
CVE-2019-17503 [MEDIUM] Kirona Dynamic Resource Scheduler - Information Disclosure
Kirona Dynamic Resource Scheduler - Information Disclosure
Kirona Dynamic Resource Scheduler is susceptible to information disclosure. An unauthenticated user can directly access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd), which contains sensitive information with exposed SQL queries, such as database version, table name, and column name.
Template:
id: CVE-2019-17503
info:
name: Kirona Dynamic Resource Scheduler - Information Disclosure
author: LogicalHunter
severity: medium
description: Kirona Dynamic Resource Scheduler is susceptible to information disclosure. An unauthenticated user can directly access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd), which contains sensitive information with exposed SQL queries, such as database version, table name, and column name.
impact: |
U
No writeups or analysis indexed.
http://packetstormsecurity.com/files/154838/Kirona-DRS-5.5.3.5-Information-Disclosure.htmlhttps://github.com/Ramikan/Vulnerabilities/blob/master/Kirona-DRS%205.5.3.5%20Multiple%20Vulnerabilitieshttp://packetstormsecurity.com/files/154838/Kirona-DRS-5.5.3.5-Information-Disclosure.htmlhttps://github.com/Ramikan/Vulnerabilities/blob/master/Kirona-DRS%205.5.3.5%20Multiple%20Vulnerabilities
2019-10-11
Published
Exploited in the wild