CVE-2019-19326 Vulnerability Details

  /     /     /  

CVE-2019-19326 Metadata Quick Info

CVE Published: 15/07/2020 | CVE Updated: 05/08/2024 | CVE Year: 2019
Source: mitre | Vendor: n/a | Product: n/a
Status : PUBLISHED

---

CVE-2019-19326 Description

Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework\'s HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malicious HTTP headers can return unexpected responses to other consumers of this cached response. Most other headers associated with web cache poisoning are already disabled through request hostname forgery whitelists.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: n/a
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).