Tautulli 2.1.9 version; Cross-Site Request Forgery (ShutDown) and Denial of Service (Metasploit)
InfoSec Write-ups - Medium infosecwriteups.com
While doing security research, I came across a product called Tautulli, and I started to examine the application. There were two security vulnerabilities that I discovered in this product. CSRF and DDoS effects could be created. Thus, the media server could be shut down remotely.
The main problem was anonymous access to the /shutdown parameters function. I discovered this after a long struggle.
Details:
In the corresponding version of v2.1.9 by …