CVE-2019-14511
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-14511
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-14511.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-14511
- Related
- Published
- 2019-08-22T13:15:12Z
- Modified
- 2024-11-21T04:26:52Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet (unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only).
- References
-
- http://sphinxsearch.com/docs/sphinx3.html#getting-started-on-linux-and-macos
- https://blog.wirhabenstil.de/2019/08/19/sphinxsearch-0-0-0-09306-cve-2019-14511/
- https://sphinxsearch.com/blog/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FPPNZZMWTZOMFGFETMET6YKIH2DQDKS/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XD25JJJVM7FFXAO2L3ZG2KXQ6UMFBIA4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YSLPW44RWIGHU5AG3P4U2HPSD3UBG4GJ/
- https://security-tracker.debian.org/tracker/CVE-2019-14511
Affected packages
Debian:12 / sphinxsearch
Package
- Name
- sphinxsearch
- Purl
- pkg:deb/debian/sphinxsearch?arch=source
Debian:13 / sphinxsearch
Package
- Name
- sphinxsearch
- Purl
- pkg:deb/debian/sphinxsearch?arch=source