CVE-2019-13383 - In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to c

CVE-2019-13383

Summary

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response.

References

https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13383.md
http://packetstormsecurity.com/files/153667/CentOS-Control-Web-Panel-0.9.8.838-User-Enumeration.html
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010

Vulnerable Configurations

cpe:2.3:a:control-webpanel:webpanel:0.9.8.836:*:*:*:*:*:*:*
cpe:2.3:a:control-webpanel:webpanel:0.9.8.836:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 24-01-2023 - 18:57)
Impact:
Exploitability:

CWE

CWE-203

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

confirm	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
misc	http://packetstormsecurity.com/files/153667/CentOS-Control-Web-Panel-0.9.8.838-User-Enumeration.html https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13383.md

Last major update

24-01-2023 - 18:57

Published

16-07-2019 - 17:15

Last modified

24-01-2023 - 18:57