Описание
An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 and 6.x before 6.0.1. By entering specially crafted URLs, an attacker is able to bring the shop server to a standstill and hence, it stops working. This is only valid if OXID High Performance Option is activated and Varnish is used.
Ссылки
- MitigationVendor Advisory
- MitigationVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.3.7 (исключая)
Одно из
cpe:2.3:a:oxid-esales:eshop:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:oxid-esales:eshop:6.0.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:oxid-esales:eshop:6.0.0:rc1:*:*:enterprise:*:*:*
cpe:2.3:a:oxid-esales:eshop:6.0.0:rc2:*:*:enterprise:*:*:*
cpe:2.3:a:oxid-esales:eshop:6.0.0:rc3:*:*:enterprise:*:*:*
EPSS
Процентиль: 66%
0.00504
Низкий
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
CVSS3: 5.9
github
больше 3 лет назад
An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 and 6.x before 6.0.1. By entering specially crafted URLs, an attacker is able to bring the shop server to a standstill and hence, it stops working. This is only valid if OXID High Performance Option is activated and Varnish is used.
EPSS
Процентиль: 66%
0.00504
Низкий
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-20