Use of GET Request Method With Sensitive Query Strings

CVE-2017-3185

High

9.8/10

Summary

ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-598 - Use of GET Request Method With Sensitive Query Strings

The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.

References

Advisory Timeline

Published Dec 16, 2017

Use of GET Request Method With Sensitive Query Strings

CVE-2017-3185

Summary

CWE-598 - Use of GET Request Method With Sensitive Query Strings

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS