CVE-2015-3880

Опубликовано: 19 сент. 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 5.8

EPSS Низкий

Описание

Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Ссылки

http://www.openwall.com/lists/oss-security/2015/05/12/10
Mailing List
Patch
Third Party Advisory
http://www.securityfocus.com/bid/74592
Third Party Advisory
VDB Entry
https://github.com/phpbb/phpbb/commit/1a3350619f428d9d69d196c52128727e27ef2f04
Patch
Third Party Advisory
https://wiki.phpbb.com/Release_Highlights/3.0.14
Third Party Advisory
https://wiki.phpbb.com/Release_Highlights/3.1.4
Third Party Advisory
https://www.phpbb.com/community/viewtopic.php?f=14&t=2313941
Vendor Advisory
http://www.openwall.com/lists/oss-security/2015/05/12/10
Mailing List
Patch
Third Party Advisory
http://www.securityfocus.com/bid/74592
Third Party Advisory
VDB Entry
https://github.com/phpbb/phpbb/commit/1a3350619f428d9d69d196c52128727e27ef2f04
Patch
Third Party Advisory
https://wiki.phpbb.com/Release_Highlights/3.0.14
Third Party Advisory
https://wiki.phpbb.com/Release_Highlights/3.1.4
Third Party Advisory
https://www.phpbb.com/community/viewtopic.php?f=14&t=2313941
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:phpbb:phpbb:*:rc1:*:*:*:*:*:*

Версия до 3.0.14 (включая)

cpe:2.3:a:phpbb:phpbb:3.1.0:*:*:*:*:*:*:*

cpe:2.3:a:phpbb:phpbb:3.1.0:a1:*:*:*:*:*:*

cpe:2.3:a:phpbb:phpbb:3.1.0:a2:*:*:*:*:*:*

cpe:2.3:a:phpbb:phpbb:3.1.0:a3:*:*:*:*:*:*

cpe:2.3:a:phpbb:phpbb:3.1.0:b1:*:*:*:*:*:*

cpe:2.3:a:phpbb:phpbb:3.1.0:b2:*:*:*:*:*:*

cpe:2.3:a:phpbb:phpbb:3.1.0:b3:*:*:*:*:*:*

cpe:2.3:a:phpbb:phpbb:3.1.0:b4:*:*:*:*:*:*

cpe:2.3:a:phpbb:phpbb:3.1.0:rc1:*:*:*:*:*:*

cpe:2.3:a:phpbb:phpbb:3.1.0:rc2:*:*:*:*:*:*

cpe:2.3:a:phpbb:phpbb:3.1.0:rc3:*:*:*:*:*:*

cpe:2.3:a:phpbb:phpbb:3.1.0:rc4:*:*:*:*:*:*

cpe:2.3:a:phpbb:phpbb:3.1.0:rc5:*:*:*:*:*:*

cpe:2.3:a:phpbb:phpbb:3.1.0:rc6:*:*:*:*:*:*

cpe:2.3:a:phpbb:phpbb:3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:phpbb:phpbb:3.1.2:*:*:*:*:*:*:*

cpe:2.3:a:phpbb:phpbb:3.1.2:rc1:*:*:*:*:*:*

cpe:2.3:a:phpbb:phpbb:3.1.3:*:*:*:*:*:*:*

cpe:2.3:a:phpbb:phpbb:3.1.3:rc1:*:*:*:*:*:*

cpe:2.3:a:phpbb:phpbb:3.1.3:rc2:*:*:*:*:*:*

cpe:2.3:a:phpbb:phpbb:3.1.4:rc1:*:*:*:*:*:*

cpe:2.3:a:phpbb:phpbb:3.1.4:rc2:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.00713

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

CVE-2015-3880

CVSS3: 6.1

ubuntu

больше 8 лет назад

CVE-2015-3880

CVSS3: 6.1

debian

больше 8 лет назад

Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3. ...

GHSA-hwq7-cvp8-6hm3

CVSS3: 6.1

github

больше 3 лет назад

phpBB Open Redirect

EPSS

Процентиль: 72%

0.00713

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601