CVE-2018-12684

Опубликовано: 22 июн. 2018

Источник: nvd

CVSS3: 7.1

CVSS2: 5.8

EPSS Низкий

Описание

Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file.

Ссылки

https://github.com/civetweb/civetweb/commit/8fd069f6dedb064339f1091069ac96f3f8bdb552
Patch
Third Party Advisory
https://github.com/civetweb/civetweb/issues/633
Third Party Advisory
https://github.com/civetweb/civetweb/commit/8fd069f6dedb064339f1091069ac96f3f8bdb552
Patch
Third Party Advisory
https://github.com/civetweb/civetweb/issues/633
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:civetweb_project:civetweb:*:*:*:*:*:*:*:*

Версия до 1.10 (включая)

EPSS

Процентиль: 41%

0.00189

Низкий

7.1 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2018-12684

CVSS3: 5.4

redhat

больше 7 лет назад

Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file.

CVE-2018-12684

CVSS3: 7.1

debian

больше 7 лет назад

Out-of-bounds Read in the send_ssi_file function in civetweb.c in Cive ...

GHSA-v8q9-6423-3jq2

CVSS3: 7.1

github

больше 3 лет назад

Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file.

EPSS

Процентиль: 41%

0.00189

Низкий

7.1 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-125