CVE-2019-3996
ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests.
| Software | From | Fixed in |
|---|---|---|
| elog_project / elog | - | 3.1.4-57bea22.x |
| fedoraproject / fedora | 30 | 30.x |
| fedoraproject / fedora | 31 | 31.x |
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IN3FP6VXYSD4OMUCFZNOL7MKPWRQFAL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4IAS4HI24H2ERKBZTDEVJ3LEQEFWYSCT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IN3FP6VXYSD4OMUCFZNOL7MKPWRQFAL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4IAS4HI24H2ERKBZTDEVJ3LEQEFWYSCT/
- https://www.tenable.com/security/research/tra-2019-53
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime