An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server.
References
Link | Resource |
---|---|
https://blog.chebuya.com/posts/server-side-request-forgery-on-havoc-c2/ | Exploit Third Party Advisory |
Configurations
History
29 Aug 2024, 13:32
Type | Values Removed | Values Added |
---|---|---|
References | () https://blog.chebuya.com/posts/server-side-request-forgery-on-havoc-c2/ - Exploit, Third Party Advisory | |
First Time |
Havocframework havoc
Havocframework |
|
CPE | cpe:2.3:a:havocframework:havoc:-:*:*:*:*:*:*:* | |
Summary |
|
13 Aug 2024, 01:14
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | CWE-918 |
12 Aug 2024, 13:41
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-12 13:38
Updated : 2024-08-29 13:32
NVD link : CVE-2024-41570
Mitre link : CVE-2024-41570
CVE.ORG link : CVE-2024-41570
JSON object : View
Products Affected
havocframework
- havoc
CWE
CWE-918
Server-Side Request Forgery (SSRF)