exploitDog

CVE-2014-2233

Опубликовано: 01 дек. 2014

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Server-side request forgery (SSRF) vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to trigger requests to intranet servers via unspecified vectors.

Комментарий

CWE-918: Server-Side Request Forgery (SSRF)

Ссылки

http://iw.mapandroute.de/MapAPI-1.0/releaseHistory.jsp
Vendor Advisory
http://iw.mapandroute.de/MapAPI-1.1/releaseHistory.jsp
Vendor Advisory
http://www.christian-schneider.net/advisories/CVE-2014-2233.txt
http://iw.mapandroute.de/MapAPI-1.0/releaseHistory.jsp
Vendor Advisory
http://iw.mapandroute.de/MapAPI-1.1/releaseHistory.jsp
Vendor Advisory
http://www.christian-schneider.net/advisories/CVE-2014-2233.txt

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:infoware:mapsuite:1.0.35:*:*:*:*:*:*:*

cpe:2.3:a:infoware:mapsuite:1.1.48:*:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00423

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-5845-9wxx-5wxg

github

больше 3 лет назад

Server-side request forgery (SSRF) vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to trigger requests to intranet servers via unspecified vectors.

EPSS

Процентиль: 62%

0.00423

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other