CVE-2018-14887

Опубликовано: 28 июн. 2019

Источник: nvd

CVSS3: 6.5

CVSS2: 5.8

EPSS Низкий

Описание

Improper Host header sanitization in the dbfilter routing component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows a remote attacker to deny access to the service and to disclose database names via a crafted request.

Ссылки

https://github.com/odoo/odoo/commits/master
Third Party Advisory
https://github.com/odoo/odoo/issues/32511
Issue Tracking
Patch
Third Party Advisory
https://github.com/odoo/odoo/commits/master
Third Party Advisory
https://github.com/odoo/odoo/issues/32511
Issue Tracking
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:odoo:odoo:9.0:*:*:*:community:*:*:*

cpe:2.3:a:odoo:odoo:9.0:*:*:*:enterprise:*:*:*

cpe:2.3:a:odoo:odoo:10.0:*:*:*:community:*:*:*

cpe:2.3:a:odoo:odoo:10.0:*:*:*:enterprise:*:*:*

cpe:2.3:a:odoo:odoo:11.0:*:*:*:community:*:*:*

cpe:2.3:a:odoo:odoo:11.0:*:*:*:enterprise:*:*:*

EPSS

Процентиль: 62%

0.00431

Низкий

6.5 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2018-14887

CVSS3: 6.5

debian

больше 6 лет назад

Improper Host header sanitization in the dbfilter routing component in ...

GHSA-9c74-22fq-7f39

CVSS3: 6.5

github

больше 3 лет назад

EPSS

Процентиль: 62%

0.00431

Низкий

6.5 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-20