Missing Custom Error Page

CVE-2018-8913

High

7.1/10

Summary

Missing custom error page vulnerability in Synology Web Station before 2.1.3-0139 allows remote attackers to conduct phishing attacks via a crafted URL.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: LOW

CWE-756 - Missing Custom Error Page

The software does not return custom error pages to the user, possibly exposing sensitive information.

References

Advisory Timeline

Published Apr 01, 2019

Missing Custom Error Page

CVE-2018-8913

Summary

CWE-756 - Missing Custom Error Page

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS