CVE-2017-11717

{"id": "CVE-2017-11717", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-07-28T05:29:00.933", "references": [{"url": "https://lncken.cn/?p=343", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lncken.cn/?p=343", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-290"}]}], "descriptions": [{"lang": "en", "value": "MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stream, as demonstrated by the login/findpass page."}, {"lang": "es", "value": "En MetInfo hasta la versi\u00f3n 5.3.17 acepta la misma respuesta CAPTCHA por 120 segundos, lo que hace m\u00e1s f\u00e1cil para los atacantes remotos omitir los requisitos de desaf\u00edo previstos al modificar el flujo de datos hacia el servidor cliente, como es demostrado por la p\u00e1gina de login/findpass."}], "lastModified": "2024-11-21T03:08:21.123", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:metinfo_project:metinfo:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8205EF34-EC30-4AB3-B13D-FAA94FEE4053", "versionEndIncluding": "5.3.17"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}