ID

VAR-201907-0116


CVE

CVE-2019-5457


TITLE

Min-http-server cross-site scripting vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-25441 // CNNVD: CNNVD-201907-1572

DESCRIPTION

Cross-site scripting (XSS) vulnerability in min-http-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in a victim's browser. min-http-server contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Min-http-server is a lightweight HTTP static resource server. The vulnerability stems from the lack of proper validation of client data for web applications. An attacker could exploit the vulnerability to execute client code.

Trust: 2.16

sources: NVD: CVE-2019-5457 // JVNDB: JVNDB-2019-007132 // CNVD: CNVD-2019-25441

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-25441

AFFECTED PRODUCTS

vendor: min http server, model: min-http-server, scope: -, version: -

Trust: 1.4

vendor: min http server, model: min-http-server, scope: eq, version: 1.0.0

Trust: 1.0

vendor: min http server, model: min-http-server, scope: eq, version: 1.0.6

Trust: 1.0

vendor: min http server, model: min-http-server, scope: eq, version: 1.0.4

Trust: 1.0

vendor: min http server, model: min-http-server, scope: eq, version: 1.0.2

Trust: 1.0

sources: CNVD: CNVD-2019-25441 // JVNDB: JVNDB-2019-007132 // NVD: CVE-2019-5457

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5457
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-5457
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-25441
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201907-1572
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-5457
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-25441
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5457
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2019-5457
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-25441 // JVNDB: JVNDB-2019-007132 // CNNVD: CNNVD-201907-1572 // NVD: CVE-2019-5457

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2019-007132 // NVD: CVE-2019-5457

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1572

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201907-1572

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007132

PATCH

title: min-http-server, url: https://www.npmjs.com/package/min-http-server?activeTab=versions

Trust: 0.8

sources: JVNDB: JVNDB-2019-007132

EXTERNAL IDS

db: NVD, id: CVE-2019-5457

Trust: 3.0

db: HACKERONE, id: 570568

Trust: 2.4

db: JVNDB, id: JVNDB-2019-007132

Trust: 0.8

db: CNVD, id: CNVD-2019-25441

Trust: 0.6

db: CNNVD, id: CNNVD-201907-1572

Trust: 0.6

sources: CNVD: CNVD-2019-25441 // JVNDB: JVNDB-2019-007132 // CNNVD: CNNVD-201907-1572 // NVD: CVE-2019-5457

REFERENCES

url:https://hackerone.com/reports/570568

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-5457

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5457

Trust: 0.8

sources: CNVD: CNVD-2019-25441 // JVNDB: JVNDB-2019-007132 // CNNVD: CNNVD-201907-1572 // NVD: CVE-2019-5457

SOURCES

db: CNVD, id: CNVD-2019-25441
db: JVNDB, id: JVNDB-2019-007132
db: CNNVD, id: CNNVD-201907-1572
db: NVD, id: CVE-2019-5457

LAST UPDATE DATE

2024-08-14T14:45:19.110000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-25441, date: 2019-08-01T00:00:00
db: JVNDB, id: JVNDB-2019-007132, date: 2019-08-05T00:00:00
db: CNNVD, id: CNNVD-201907-1572, date: 2019-08-02T00:00:00
db: NVD, id: CVE-2019-5457, date: 2022-12-02T22:33:33.290

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-25441, date: 2019-08-01T00:00:00
db: JVNDB, id: JVNDB-2019-007132, date: 2019-08-05T00:00:00
db: CNNVD, id: CNNVD-201907-1572, date: 2019-07-30T00:00:00
db: NVD, id: CVE-2019-5457, date: 2019-07-30T21:15:12.117