| # | Vulnerability | Description |
|---|---------------|-------------|
| 1 | Stack-based buffer overflow (CWE-121), CVE-2019-9099 | Two separate buffer overflow issues in the built-in web server allow remote attackers to initiate a DoS attack and execute arbitrary code. |
| 2 | Integer overflow leads to a buffer overflow (CWE-680), CVE-2019-9098 | An integer overflow causes unexpected memory allocation that can lead to a buffer overflow. |
| 3 | Bypass the CSRF protection mechanism by using a token (CWE-352), CVE-2019-9102 | A predictable mechanism of generating tokens allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism. |
| 4 | Use of a broken or risky cryptographic algorithm (CWE-327), CVE-2019-9095 | Sensitive information may be revealed by using a weak cryptographic algorithm with predictable variables. |
| 5 | Information exposure (CWE-200), CVE-2019-9103 | An attacker can access sensitive information and usernames via the built-in web service without proper authorization. |
| 6 | User credentials are sent in cleartext (CWE-310), CVE-2019-9101 | Sensitive information is transmitted over some web applications in clear text. |
| 7 | Weak password requirements (CWE-521), CVE-2019-9096 | Weak password requirements may allow an attacker to gain access by using brute force. |
| 8 | Cleartext storage of sensitive information (CWE-312), CVE-2019-9104 | Sensitive information is stored in configuration files using clear text, which allows attackers to use an administrative account. |
| 9 | Denial-of-service attack (CWE-400, CWE-941), CVE-2019-9097 | The web service becomes temporarily unavailable when an attacker overloads the system and causes the service to crash. |