Description
TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a discrepancy between response headers when responding to different HTTP methods, also via predictible responses when accessing and interacting with the "SITE_PATH_QUERY".
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://github.com/trustedsec/trevorc2/blob/master/CHANGELOG.txt
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/trustedsec/trevorc2/issues/18
Scores
CVSS v3
7.5
EPSS
0.0118
EPSS Percentile
63.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-330
CWE-203
Status
published
Products (2)
trustedsec/trevorc2
1.1
trustedsec/trevorc2
1.2
Published
Dec 04, 2019
Tracked Since
Feb 18, 2026