CVE-2016-7903

Опубликовано: 04 янв. 2017

Источник: nvd

CVSS3: 3.7

CVSS2: 4.3

EPSS Низкий

Описание

Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header.

Ссылки

http://www.openwall.com/lists/oss-security/2016/10/05/5
Mailing List
http://www.securityfocus.com/bid/93439
https://dotclear.org/blog/post/2016/11/01/Dotclear-2.10.3
Patch
Vendor Advisory
https://hg.dotclear.org/dotclear/rev/bb06343f4247
Patch
http://www.openwall.com/lists/oss-security/2016/10/05/5
Mailing List
http://www.securityfocus.com/bid/93439
https://dotclear.org/blog/post/2016/11/01/Dotclear-2.10.3
Patch
Vendor Advisory
https://hg.dotclear.org/dotclear/rev/bb06343f4247
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dotclear:dotclear:*:*:*:*:*:*:*:*

Версия до 2.10.2 (включая)

EPSS

Процентиль: 51%

0.00276

Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2016-7903

CVSS3: 3.7

ubuntu

около 9 лет назад

Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header.

CVE-2016-7903

CVSS3: 3.7

debian

около 9 лет назад

Dotclear before 2.10.3, when the Host header is not part of the web se ...

GHSA-m62w-37gh-m9j3

CVSS3: 3.7

github

больше 3 лет назад

Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header.

EPSS

Процентиль: 51%

0.00276

Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-264