Description

Limesurvey before 3.17.14 does not enforce SSL/TLS usage in the default configuration.

Remediation

References

CVE-2019-16179

Related Vulnerabilities

Envoy Proxy Reachable Assertion Vulnerability (CVE-2021-29258)

phpBB CVE-2008-6507 Vulnerability (CVE-2008-6507)

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2022-31778)

WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.20)

WordPress Plugin Developer Formatter Cross-Site Request Forgery (2012.0.1.39)

Severity

Medium

Classification

CVE-2019-16179 CWE-295 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities