CVE-2016-7903

Опубликовано: 04 янв. 2017

Источник: debian

Описание

Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
dotclear	removed			package

Примечания

Fixed by: https://hg.dotclear.org/dotclear/rev/bb06343f4247

Связанные уязвимости

CVE-2016-7903

CVSS3: 3.7

ubuntu

около 9 лет назад

Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header.

CVE-2016-7903

CVSS3: 3.7

nvd

около 9 лет назад

Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header.

GHSA-m62w-37gh-m9j3

CVSS3: 3.7

github

больше 3 лет назад

Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header.