Vulnerability Details : CVE-2023-26047
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version v0.2.0 is vulnerable to a bypass attack when a specific case-sensitive hex entities payload with special characters such as CR/LF and horizontal tab is used. This vulnerability allows an attacker to execute arbitrary JavaScript code on the victim's browser and compromise the security of the web application. An attacker can exploit this vulnerability to bypass common web attack threat rules in teler-waf and launch cross-site scripting (XSS) attacks. The attacker can execute arbitrary JavaScript code on the victim's browser and steal sensitive information, such as login credentials and session tokens, or take control of the victim's browser and perform malicious actions. This issue has been patched in version 0.2.0.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2023-26047
- cpe:2.3:a:kitabisa:teler-waf:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-26047
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 31 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-26047
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.1
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
2.8
|
2.7
|
NIST | |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L |
3.9
|
2.5
|
GitHub, Inc. |
CWE ids for CVE-2023-26047
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: security-advisories@github.com (Primary)
-
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.Assigned by: security-advisories@github.com (Primary)
-
The product uses a denylist-based protection mechanism to defend against XSS attacks, but the denylist is incomplete, allowing XSS variants to succeed.Assigned by: security-advisories@github.com (Primary)
References for CVE-2023-26047
-
https://github.com/dwisiswant0/cwa-filter-rules/commit/d818d1645832d1a02cd210c7680e692d2bf4313b
feat: Added case-insensitivity detects the IE octal/hex/unicode entities · dwisiswant0/cwa-filter-rules@d818d16 · GitHubPatch
-
https://github.com/kitabisa/teler-waf/security/advisories/GHSA-p2pf-g8cq-3gq5
Bypass of IE Octal/Hex/Unicode Entities Detection in Common Web Attack Threat Rule with Case-Sensitive Entities Payload and Special Characters · Advisory · kitabisa/teler-waf · GitHubThird Party Advisory
-
https://github.com/kitabisa/teler-waf/releases/tag/v0.2.0
Release v0.2.0 · kitabisa/teler-waf · GitHubRelease Notes
Jump to