CVE-2024-8651

Summary

A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.

Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch.

Affected Software

VendorProductVersion RangeStatus
NetCatNetCat CMS6.4.0.24126.2affected
NetCatNetCat CMS6.4.0.24248unaffected

Weaknesses

  • CWE-204: CWE-204: Observable Response Discrepancy

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References