Improper Handling of Exceptional Conditions

CVE-2018-19991

High

9.8/10

Summary

VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for get_uri_args or get_post_args) to block the API misuse described in CVE-2018-9230.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-755 - Improper Handling of Exceptional Conditions

The software does not handle or incorrectly handles an exceptional condition.

References

Advisory Timeline

Published Dec 10, 2018

Improper Handling of Exceptional Conditions

CVE-2018-19991

Summary

CWE-755 - Improper Handling of Exceptional Conditions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS