Bolt CVE-2017-16754 Multiple Access Bypass Vulnerabilities

Bolt is prone to multiple access-bypass vulnerabilities because of improper access validation

An attacker can exploit these issues to bypass certain security restrictions and gain access to sensitive information. This may aid in launching other attacks.

Versions prior to Bolt 3.3.6 are vulnerable.

Information

Bugtraq ID: 101777
Class: Access Validation Error
CVE: CVE-2017-16754

Remote: Yes
Local: No
Published: Nov 09 2017 12:00AM
Updated: Nov 09 2017 12:00AM
Credit: The vendor reported this issue.
Vulnerable: Bolt Bolt 3.3.5

Not Vulnerable: Bolt Bolt 3.3.6

Exploit

An attacker can exploit these issues using a web browser.

References:

• Bolt 3.2.20 and Bolt 3.3.6 maintenance releases (bolt)
  
• Bolt Homepage (Bolt)
  
• Maintenance release 3.3.6 (bolt)
  
• Request listener to prevent access to profiler routes (bolt)
  

Source: www.securityfocus.com