Vulnerability Description
An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious request, it can be manipulated into issuing a request that does not respect its upstream proxy configuration. This could leak NetNTLM hashes on Windows systems that fail to block outbound SMB.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Portswigger | Burp Suite | < 2021.2 |
References
- https://hackerone.com/reports/1054382ExploitIssue TrackingThird Party Advisory
- https://portswigger.net/burp/releases/professional-community-2020-12?requestededRelease NotesVendor Advisory
- https://hackerone.com/reports/1054382ExploitIssue TrackingThird Party Advisory
- https://portswigger.net/burp/releases/professional-community-2020-12?requestededRelease NotesVendor Advisory
FAQ
What is CVE-2021-29416?
CVE-2021-29416 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious request, it can be manipulated into issuing a request that does not respect its upstream proxy configurat...
How severe is CVE-2021-29416?
CVE-2021-29416 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-29416?
Check the references section above for vendor advisories and patch information. Affected products include: Portswigger Burp Suite.