CVE-2019-19342

MEDIUM Year: 2019
CVSS v3 Score
5.3
Medium
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-209
View all →

Vulnerability Description

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '#' character. This request would cause a socket error in RabbitMQ when parsing the password and an HTTP error code 500 and partial password disclose will occur in plaintext. An attacker could easily guess some predictable passwords or brute force the password.

Related Vulnerabilities

CVE-2013-6879

MEDIUM
CVSS:5.3(Medium)

The Mijosoft MijoSearch component 2.0.1 and earlier for Joomla! allows remote attackers to obtain sensitive information via a request to component/mijosearch/search, which reveals the installation pat...

CWE-2092013

CVE-2018-1073

MEDIUM
CVSS:5.3(Medium)

The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user account...

CWE-2092018

CVE-2018-12536

MEDIUM
CVSS:5.3(Medium)

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled...

CWE-2092018

CVE-2018-14907

MEDIUM
CVSS:5.3(Medium)

The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname.

CWE-2092018

CVE-2019-11602

MEDIUM
CVSS:5.3(Medium)

Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the...

CWE-2092019