Description
WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address.
Comment
CWE-918: Server-Side Request Forgery (SSRF)
References
- Release Notes
- Mailing List
- Broken Link, Third Party Advisory, VDB Entry
- Patch
- Broken Link
EPSS
CVSS3: 8.6 High
CVSS2: 5 Medium