CVE-2015-8813

Опубликовано: 03 мар. 2017

Источник: nvd

CVSS3: 8.2

CVSS2: 4.3

EPSS Высокий

Описание

The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter.

Ссылки

http://issues.umbraco.org/issue/U4-7457
Issue Tracking
http://www.openwall.com/lists/oss-security/2016/02/16/10
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/02/17/1
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/02/17/5
Exploit
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/02/18/8
Mailing List
Third Party Advisory
https://github.com/umbraco/Umbraco-CMS/commit/924a016ffe7ae7ea6d516c07a7852f0095eddbce
Patch
Vendor Advisory
http://issues.umbraco.org/issue/U4-7457
Issue Tracking
http://www.openwall.com/lists/oss-security/2016/02/16/10
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/02/17/1
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/02/17/5
Exploit
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/02/18/8
Mailing List
Third Party Advisory
https://github.com/umbraco/Umbraco-CMS/commit/924a016ffe7ae7ea6d516c07a7852f0095eddbce
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:umbraco:umbraco:*:*:*:*:*:*:*:*

Версия до 7.3.8 (включая)

EPSS

Процентиль: 99%

0.83448

Высокий

8.2 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-918

Связанные уязвимости

GHSA-x34j-wxq8-7vcm