SMC – HTTP Smuggling
Advisory ID | CVE Number | Date discovered | Severity | Advisory revision
STORM-2020-008 | | 02/06/2020 | medium | v1
Vulnerability details
A malformed Transfer-Encoding header allows attackers to perform sub-requests to the SMC HTTP server.
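The advisory does not say how the header is malformed, so the check below is an added example (not Stormshield or Node.js code) of the generic framing rules a front-end can enforce before forwarding a request: field names must be valid tokens, Transfer-Encoding must appear once with the exact value "chunked", and it must not coexist with Content-Length. The function name, the strict single-"chunked" policy and the sample requests are assumptions made for illustration.

```javascript
// Added example, not Stormshield or Node.js code. Names and samples are constructed.
// Policy is deliberately stricter than RFC 7230: only a single "chunked" is accepted.
function checkFraming(rawHead) {
  const findings = [];
  const lines = rawHead.split('\r\n').slice(1); // skip the request line
  const te = [];
  let hasContentLength = false;
  for (const line of lines) {
    if (line === '') break; // blank line ends the header block
    if (/[\r\n]/.test(line)) findings.push('bare CR or LF in header line');
    if (/^[ \t]/.test(line)) { findings.push('obsolete line folding'); continue; }
    const colon = line.indexOf(':');
    if (colon < 1) { findings.push('header line without field name'); continue; }
    const rawName = line.slice(0, colon);
    // RFC 7230 section 3.2.4: a field name is a token, no whitespace before the colon.
    if (!/^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/.test(rawName)) {
      findings.push('invalid field name');
    }
    const name = rawName.trim().toLowerCase();
    const value = line.slice(colon + 1);
    if (name === 'transfer-encoding') te.push(value);
    if (name === 'content-length') hasContentLength = true;
  }
  if (te.length > 1) findings.push('multiple Transfer-Encoding headers');
  for (const value of te) {
    if (!/^[ \t]*chunked[ \t]*$/i.test(value)) {
      findings.push('Transfer-Encoding is not exactly "chunked"');
    }
  }
  if (te.length > 0 && hasContentLength) {
    findings.push('Transfer-Encoding and Content-Length both present');
  }
  return findings;
}

// Constructed request heads (header block only, no body).
const SAMPLES = {
  clean: 'POST /api HTTP/1.1\r\nHost: smc.example\r\nTransfer-Encoding: chunked\r\n\r\n',
  spaceBeforeColon: 'POST /api HTTP/1.1\r\nHost: smc.example\r\nTransfer-Encoding : chunked\r\n\r\n',
  oddValue: 'POST /api HTTP/1.1\r\nHost: smc.example\r\nTransfer-Encoding: chunked-x\r\n\r\n',
  both: 'POST /api HTTP/1.1\r\nHost: smc.example\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n',
};
for (const [label, head] of Object.entries(SAMPLES)) {
  console.log(label, JSON.stringify(checkFraming(head)));
}
```

A request with any finding should be rejected with a 400 rather than normalised and forwarded, so that the front-end and the SMC HTTP server never disagree on where the message body ends.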
Revisions
Version | Date | Description
v1 | | Initial release
Impacted products
Stormshield Network Security
CVSS v2 Overall Score: 6.6
Analysis | Impacted version
Update from an impacted NodeJS version to the node version 12.15.0 | SMC < 2.6.4
Workaround solution | Solution
There is no workaround solution. | The SMC 2.6.4 update will fix this vulnerability.
Access vector | Access complexity | Authentication | Confidentiality impact | Integrity impact | Availability impact
Network | Low | None | Partial | Partial | Partial
Exploitability | Remediation Level | Report Confidence
Functional exploits exist | Official fix | Confirmed
Collateral Damage Potential | Target Distribution
Low | High [76-100%]