How severe is CVE-2024-52796?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-52796?

This is classified as CWE-770, which is a common weakness in software security.

CVE-2024-52796 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

Password Pusher, an open source application to communicate sensitive information over the web, comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad actors to send unlimited traffic to the site potentially causing a denial of service. In v1.49.0, a fix was implemented to only authorize proxies on local IPs which resolves this issue. As a workaround, one may add rules to one's proxy and/or firewall to not accept external proxy headers such as `X-Forwarded-*` from clients.

Related Vulnerabilities

CVE-2005-4650

MEDIUM

CVSS:5.3(Medium)

Joomla! 1.03 does not restrict the number of "Search" Mambots, which allows remote attackers to cause a denial of service (resource consumption) via a large number of Search Mambots.

CWE-7702005

CVE-2008-5180

MEDIUM

CVSS:5.3(Medium)

Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigg...

CWE-7702008

CVE-2017-18899

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It mishandles IP-based rate limiting.

CWE-7702017

CVE-2018-0006

MEDIUM

CVSS:5.3(Medium)

A high rate of VLAN authentication attempts sent from an adjacent host on the local broadcast domain can trigger high memory utilization by the BBE subscriber management daemon (bbe-smgd), and lead to...

CWE-7702018

CVE-2019-0005

MEDIUM

CVSS:5.3(Medium)

On EX2300, EX3400, EX4600, QFX3K and QFX5K series, firewall filter configuration cannot perform packet matching on any IPv6 extension headers. This issue may allow IPv6 packets that should have been b...

CWE-7702019

CVE-2019-15165

MEDIUM

CVSS:5.3(Medium)

sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.

CWE-7702019