HTTP Referer Header Authentication Bypass in GroundWork Monitor Enterprise 6.7.0

HTTP Referer Header Authentication Bypass in GroundWork Monitor Enterprise 6.7.0

CVE-2013-3499 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

GroundWork Monitor Enterprise 6.7.0 performs authentication on the basis of the HTTP Referer header, which allows remote attackers to obtain administrative privileges or access files via a crafted header.

Learn more about our Web Application Penetration Testing UK.