漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
HTTP TRACK & TRACE Methods Enabled
Vulnerability Description
The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning exact HTTP request that was received in the response to the client. This may lead to the disclosure of sensitive information such as internal authentication headers appended by reverse proxies.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
配置
Vulnerability Title
Solarwinds Kiwi Syslog Server 配置错误漏洞
Vulnerability Description
Solarwinds Kiwi Syslog Server是美国Solarwinds公司的一款适用于网络和系统工程师的经济实惠的 Syslog 管理工具。用于从网络设备(路由器、交换机、防火墙等)和 Linux®/Unix® 主机接收系统日志消息和 Snmp 陷阱。 Solarwinds Kiwi Syslog Server 9.7.1及之前版本存在安全漏洞,该漏洞源于"HTTP TRACK & TRACE"方法会将响应中收到的准确HTTP请求返回给客户端来响应使用这些方法的请求,这可能会导致泄露敏感信息
CVSS Information
N/A
Vulnerability Type
N/A