Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ServiceStack GetErrorResponse Improper Input Validation NTLM Relay Vulnerability
Vulnerability Description
ServiceStack GetErrorResponse Improper Input Validation NTLM Relay Vulnerability. This vulnerability allows remote attackers to relay NTLM credentials on affected installations of ServiceStack. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation of the GetErrorResponse method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to relay NTLM credentials in the context of the current user. Was ZDI-CAN-25834.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
ServiceStack 输入验证错误漏洞
Vulnerability Description
ServiceStack是ServiceStack公司的一个用于构建高性能Web服务的API。 ServiceStack存在输入验证错误漏洞,该漏洞源于GetErrorResponse方法未正确验证用户输入,可能导致NTLM凭据中继攻击。
CVSS Information
N/A
Vulnerability Type
N/A