exploitDog

CVE-2016-5673

Опубликовано: 25 авг. 2016

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

UltraVNC Repeater before 1300 does not restrict destination IP addresses or TCP ports, which allows remote attackers to obtain open-proxy functionality by using a :: substring in between the IP address and port number.

Ссылки

http://www.kb.cert.org/vuls/id/735416
Third Party Advisory
US Government Resource
http://www.kb.cert.org/vuls/id/BLUU-A9WQVP
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/92348
http://www.kb.cert.org/vuls/id/735416
Third Party Advisory
US Government Resource
http://www.kb.cert.org/vuls/id/BLUU-A9WQVP
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/92348

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ultravnc:repeater:*:*:*:*:*:*:*:*

Версия до 1201 (включая)

EPSS

Процентиль: 80%

0.01374

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-284

Связанные уязвимости

GHSA-529m-7v26-xfh8

CVSS3: 7.5

github

больше 3 лет назад

UltraVNC Repeater before 1300 does not restrict destination IP addresses or TCP ports, which allows remote attackers to obtain open-proxy functionality by using a :: substring in between the IP address and port number.

EPSS

Процентиль: 80%

0.01374

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-284