Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ability to DoS the testing infrastructure by overwriting files
Vulnerability Description
TestingPlatform is a testing platform for Internet Security Standards. Prior to version 2.1.1, user input is not filtered correctly. Nmap options are accepted. In this particular case, the option to create log files is accepted in addition to a host name (and even without). A log file is created at the location specified. These files are created as root. If the file exists, the existing file is being rendered useless. This can result in denial of service. Additionally, input for scanning can be any CIDR blocks passed to nmap. An attacker can scan 0.0.0.0/0 or even local networks. Version 2.1.1 contains a patch for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
TestingPlatform 输入验证错误漏洞
Vulnerability Description
TestingPlatform是@NC3-LU的互联网安全标准测试平台。 TestingPlatform 2.1.0版本存在输入验证错误漏洞,该漏洞源于未正确过滤用户输入,攻击者利用该漏洞可以在指定位置创建日志文件,导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A