Author Topic: Need to upgrade CWPPHP from 7.2.30 to at least 7.2.31  (Read 384 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Need to upgrade CWPPHP from 7.2.30 to at least 7.2.31
« on: July 15, 2020, 01:09:16 PM »
I ran a security scanner on the CWP service, and it noticed a DoS vulnerability in the CWPPHP

According to its self-reported version number, the version of PHP running on the remote web server is 7.2.x
prior to 7.2.31, 7.3.x prior to 7.3.18 or 7.4.x prior to 7.4.6. It is, therefore, affected by a denial of service (DoS)
vulnerability in its HTTP file upload component due to a failure to clean up temporary files created during the file
upload process. An unauthenticated, remote attacker can exploit this issue, by repeatedly submitting uploads
with long file or field names, to exhaust disk space and cause a DoS condition.

Solution
Upgrade to PHP version of CWPPHP in Yum to 7.2.31, 7.3.18, 7.4.6 or later.

Risk Factor
Medium

CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVSS v3.0 Temporal Score
4.6 (CVSS:3.0/E:U/RL:O/RC:C)

CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)

STIG Severity
15
I

References
CVE CVE-2019-11048
XREF IAVA:2020-A-0221
« Last Edit: July 15, 2020, 01:57:28 PM by MyBuddyBen »
Trying to help people :)