CVE Vulnerabilities

CVE-2019-6531

Use of GET Request Method With Sensitive Query Strings

Published: Apr 02, 2019 | Modified: Nov 21, 2024
CVSS 3.x
8.1
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

An attacker could retrieve passwords from a HTTP GET request from the Kunbus PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) if the attacker is in an MITM position.

Weakness

The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.

Affected Software

Name Vendor Start Version End Version
Pr100088_modbus_gateway_firmware Kunbus * 1.1.13166 (excluding)

Potential Mitigations

References