CVE-2024-54013
Description
Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to protected functions. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2024-54013? +
How do I check if I'm vulnerable to CVE-2024-54013? +
Related Vulnerabilities
An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to …
Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT …
A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR …
A Missing Authentication for Critical Function vulnerability in the GRUB configuration used B&R APROL <4.4-01 may allow an unauthenticated physical …
A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 …
A file handling command vulnerability in certain versions of Armoury Crate may result in arbitrary file deletion. Refer to the …