Vulnerability Description
The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning exact HTTP request that was received in the response to the client. This may lead to the disclosure of sensitive information such as internal authentication headers appended by reverse proxies.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Solarwinds | Kiwi Syslog Server | <= 9.7.2 |
Related Weaknesses (CWE)
References
- https://documentation.solarwinds.com/en/success_center/kss/content/release_notesRelease NotesVendor Advisory
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35233Release NotesVendor Advisory
- https://documentation.solarwinds.com/en/success_center/kss/content/release_notesRelease NotesVendor Advisory
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35233Release NotesVendor Advisory
FAQ
What is CVE-2021-35233?
CVE-2021-35233 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that u...
How severe is CVE-2021-35233?
CVE-2021-35233 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-35233?
Check the references section above for vendor advisories and patch information. Affected products include: Solarwinds Kiwi Syslog Server.