Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistCertccCVELIST:CVE-2013-6020
HistoryOct 28, 2013 - 1:00 a.m.

CVE-2013-6020

2013-10-2801:00:00
certcc
www.cve.org
4
cve-2013-6020
tyler technologies taxweb
password-recovery
http status codes
remote attackers
account enumeration
assessor application
recorder application
treasurer application

AI Score

6.5

Confidence

Low

EPSS

0.007

Percentile

80.0%

JSON

passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests to the (1) Assessor, (2) Recorder, or (3) Treasurer application.

Related

nvd 2
cve 2
prion 2
cvelist 1
cert 1
nvd
nvd
CVE-2013-6020
2013-10-28 03:42:29
CVE-2013-6285
2013-10-28 03:42:29
cve
cve
CVE-2013-6020
2013-10-28 03:42:29
CVE-2013-6285
2013-10-28 03:42:29
prion
prion
Code injection
2013-10-28 03:42:00
Cross site request forgery (csrf)
2013-10-28 03:42:00
cvelist
cvelist
CVE-2013-6285
2013-10-28 01:00:00
cert
cert
Tyler Technologies TaxWeb 3.13.3.1 contains multiple vulnerabilities
2013-10-25 00:00:00

AI Score

6.5

Confidence

Low

EPSS

0.007

Percentile

80.0%

JSON
Related for CVELIST:CVE-2013-6020
nvd2cve2prion2cvelist1cert1