FKIE_CVE-2018-6651

Vulnerability from fkie_nvd - Published: 2018-02-05 22:29 - Updated: 2024-11-21 04:11
Severity
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as used in Parsec before 140-3, insufficient Origin header validation (accepting an arbitrary substring match) for WebSocket API requests allows remote attackers to bypass intended access restrictions. In Parsec, this means full control over the victim's computer.
References
cve@mitre.orghttps://gist.github.com/Zenexer/ac7601c0e367d876353137e5099b18a7
cve@mitre.orghttps://github.com/chrisd1100/uncurl/commit/448cd13e7b18c83855d706c564341ddd1e38e769Patch, Third Party Advisory
cve@mitre.orghttps://github.com/chrisd1100/uncurl/releases/tag/0.07Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://gist.github.com/Zenexer/ac7601c0e367d876353137e5099b18a7
af854a3a-2127-422b-91ae-364da2661108https://github.com/chrisd1100/uncurl/commit/448cd13e7b18c83855d706c564341ddd1e38e769Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/chrisd1100/uncurl/releases/tag/0.07Third Party Advisory
Impacted products
Vendor Product Version
uncurl_project uncurl *
parsecgaming parsec *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:uncurl_project:uncurl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "92DC89CF-7272-489D-BA39-AD65E65BA26F",
              "versionEndExcluding": "0.07",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:parsecgaming:parsec:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9885E1F4-7091-419D-B092-C4058EB910F4",
              "versionEndExcluding": "140-3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as used in Parsec before 140-3, insufficient Origin header validation (accepting an arbitrary substring match) for WebSocket API requests allows remote attackers to bypass intended access restrictions. In Parsec, this means full control over the victim\u0027s computer."
    },
    {
      "lang": "es",
      "value": "En la funci\u00f3n uncurl_ws_accept en uncurl.c en versiones anteriores a la 0.07 de uncurl, como se utiliza en Parsec en versiones anteriores a la 140-3, una validaci\u00f3n insuficiente de cabeceras Origin (aceptando una correspondencia de subcadenas arbitraria) para peticiones API WebSocket permite que atacantes remotos omitan las restricciones de acceso previstas. En Parsec, esto implica control sobre el ordenador de la v\u00edctima."
    }
  ],
  "id": "CVE-2018-6651",
  "lastModified": "2024-11-21T04:11:03.500",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-02-05T22:29:00.333",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://gist.github.com/Zenexer/ac7601c0e367d876353137e5099b18a7"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/chrisd1100/uncurl/commit/448cd13e7b18c83855d706c564341ddd1e38e769"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/chrisd1100/uncurl/releases/tag/0.07"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://gist.github.com/Zenexer/ac7601c0e367d876353137e5099b18a7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/chrisd1100/uncurl/commit/448cd13e7b18c83855d706c564341ddd1e38e769"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/chrisd1100/uncurl/releases/tag/0.07"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.