CVE-2021-35233

Published: Oct 27, 2021Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning exact HTTP request that was received in the response to the client. This may lead to the disclosure of sensitive information such as internal authentication headers appended by reverse proxies.

Affected (1)

Products: Solarwinds: Kiwi Syslog Server

1 product

Kiwi Syslog Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Solarwinds Kiwi Syslog Server	Up to 9.7.2

Related CWEs

References (4)

https://documentation.solarwinds.com/en/success_center/kss/content/release_notes/kss_9-8_release_notes.htm

Source: psirt@solarwinds.com

Release NotesVendor Advisory

https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35233

Source: psirt@solarwinds.com

Release NotesVendor Advisory

https://documentation.solarwinds.com/en/success_center/kss/content/release_notes/kss_9-8_release_notes.htm

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35233

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.