- Description
- The HttpRequest object allows retrieving the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows the creation of internal strings that can be used to access hidden properties of objects.
- Source
- security@zabbix.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 9.1
- Impact score
- 6
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- security@zabbix.com
- CWE-134
- Hype score
- Not currently trending
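Critical vulnerability in Zabbix (an IT infrastructure monitoring product). CVE-2024-42330 is a remote code execution vulnerability with a CVSS score of 9.1. It stems from improper encoding when the HttpRequest object retrieves HTTP headers from the target server's response. High privileges are required. A fixed version is available. https://t.co/ARIcE6xv9e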
@__kokumoto
28 Nov 2024
17351 Impressions
111 Retweets
222 Likes
62 Bookmarks
1 Reply
2 Quotes
[CVE-2024-42330: CRITICAL] Retrieve HTTP headers safely by encoding strings to prevent cyber attacks and access hidden object properties in JavaScript with the HttpRequest object. #cybersecurity #cybersecurity, #vulnerability https://t.co/F3rS4LLtfc https://t.co/X1D1WO29nV
@CveFindCom
27 Nov 2024
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-42330 The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created direc… https://t.co/QTrZtrk20K
@CVEnew
27 Nov 2024
361 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes