Vulnerability Details : CVE-2019-15164
rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source.
Vulnerability category: Server-side request forgery (SSRF)
Products affected by CVE-2019-15164
- cpe:2.3:a:tcpdump:libpcap:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-15164
- 1.88%: Probability of exploitation activity in the next 30 days
- ~82%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-15164
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 | NIST | |
CWE ids for CVE-2019-15164
- The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-15164
- https://seclists.org/bugtraq/2019/Dec/23
  Bugtraq: APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
- https://www.oracle.com/security-alerts/cpuapr2020.html
  Oracle Critical Patch Update Advisory - April 2020
- http://seclists.org/fulldisclosure/2019/Dec/26
  Full Disclosure: APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/
  [SECURITY] Fedora 30 Update: libpcap-1.9.1-1.fc30 - package-announce - Fedora Mailing-Lists
- https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES
  Product; Release Notes
- https://support.apple.com/kb/HT210789
  About the security content of watchOS 6.1.1 - Apple Support
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/
  [SECURITY] Fedora 31 Update: libpcap-1.9.1-1.fc31 - package-announce - Fedora Mailing-Lists
- https://support.apple.com/kb/HT210788
  About the security content of macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra - Apple Support
- https://github.com/the-tcpdump-group/libpcap/commit/33834cb2a4d035b52aa2a26742f832a112e90a0a
  In the open request, reject capture sources that are URLs. · the-tcpdump-group/libpcap@33834cb · GitHub (Patch; Third Party Advisory)
- https://support.apple.com/kb/HT210790
  About the security content of tvOS 13.3 - Apple Support
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/
  [SECURITY] Fedora 29 Update: libpcap-1.9.1-1.fc29 - package-announce - Fedora Mailing-Lists
- https://www.tcpdump.org/public-cve-list.txt
  Vendor Advisory
- https://support.apple.com/kb/HT210785
  About the security content of iOS 13.3 and iPadOS 13.3 - Apple Support