CVE-2019-25434
6.7 Medium
Published:
Last updated:
Source: disclosure@vulncheck.com
Analyzed
Weakness (CWE)
CVSS Vector
v4.0
- Attack Vector: Local
- Attack Complexity: Low
- Attack Requirements: None
- Privileges Required: None
- User Interaction: Active
- Confidentiality (Vulnerable): None
- Integrity (Vulnerable): None
- Availability (Vulnerable): High
- Confidentiality (Subsequent): None
- Integrity (Subsequent): None
- Availability (Subsequent): None
Description
SpotAuditor 5.3.1.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting excessive data in the registration name field. Attackers can enter a large string of characters (5000 bytes or more) in the name field during registration to trigger an unhandled exception that crashes the application.
References
- http://www.nsauditor.com (source: disclosure@vulncheck.com)
- https://www.exploit-db.com/exploits/47494 (source: disclosure@vulncheck.com)
- https://www.vulncheck.com/advisories/spotauditor-denial-of-service-via-registration-name-field (source: disclosure@vulncheck.com)