Miggo Logo
Miggo Vulnerability Database
CVE-2022-3175

CVE-2022-3175:
rdiffweb Missing Custom Error Page

5.3

CVSS Score
3.1

Basic Information

CVE ID
CVE-2022-3175
GHSA ID
GHSA-ch4c-278q-5654
EPSS Score
0.28812%
CWE
CWE-755
Published
9/14/2022
Updated
10/25/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
rdiffwebpip= 2.4.12.4.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The provided commit diff and vulnerability details focus on enforcing password length and related configurations, which address CVE-2022-3179 (password length) but do not directly show changes to error handling. The CVE-2022-3175 (missing custom error page) likely involves changes to error page configuration (e.g., overriding default CherryPy error handlers), but the specific code changes for this are not visible in the provided commit diff. Without explicit evidence of the error handling functions modified in the patch, identifying vulnerable functions with high confidence is not possible.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

r*i**w** v*rsion *.*.* is s*t to * ****ult *n* l**ks *rror in*orm*tion. V*rsion *.*.* *ix*s t*is issu*.

Reasoning

T** provi*** *ommit *i** *n* vuln*r**ility **t*ils *o*us on *n*or*in* p*sswor* l*n*t* *n* r*l*t** *on*i*ur*tions, w*i** ***r*ss *V*-****-**** (p*sswor* l*n*t*) *ut *o not *ir**tly s*ow ***n**s to *rror **n*lin*. T** *V*-****-**** (missin* *ustom *rro