CVE-2016-9752

Опубликовано: 01 дек. 2016

Источник: nvd

CVSS3: 8.6

CVSS2: 5

EPSS Низкий

Описание

In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.

Ссылки

http://www.securityfocus.com/bid/94622
https://blog.s9y.org/archives/271-Serendipity-2.0.5-and-2.1-beta3-released.html
Vendor Advisory
https://github.com/s9y/Serendipity/commit/fbdd50a448ed87ba34ea8c56446b8f1873eadd6f
Issue Tracking
Patch
Third Party Advisory
http://www.securityfocus.com/bid/94622
https://blog.s9y.org/archives/271-Serendipity-2.0.5-and-2.1-beta3-released.html
Vendor Advisory
https://github.com/s9y/Serendipity/commit/fbdd50a448ed87ba34ea8c56446b8f1873eadd6f
Issue Tracking
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*

Версия до 2.0.4 (включая)

EPSS

Процентиль: 40%

0.00185

Низкий

8.6 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-918

Связанные уязвимости

CVE-2016-9752

CVSS3: 8.6

ubuntu

около 9 лет назад

In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.

CVE-2016-9752

CVSS3: 8.6

debian

около 9 лет назад

In Serendipity before 2.0.5, an attacker can bypass SSRF protection by ...

GHSA-q64h-5888-4mvg

CVSS3: 8.6

github

больше 3 лет назад

In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.

EPSS

Процентиль: 40%

0.00185

Низкий

8.6 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-918