Use of GET Request Method With Sensitive Query Strings

CVE-2018-5467

Medium

6.5/10

Summary

An Information Exposure Through Query Strings in GET Request issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-598 - Use of GET Request Method With Sensitive Query Strings

The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.

References

Advisory Timeline

Published Mar 06, 2018

Use of GET Request Method With Sensitive Query Strings

CVE-2018-5467

Summary

CWE-598 - Use of GET Request Method With Sensitive Query Strings

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS