Описание
Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL.
Ссылки
- PatchThird Party Advisory
- Permissions RequiredThird Party Advisory
- PatchThird Party Advisory
- Permissions RequiredThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.9.3.5 (включая)
Одно из
cpe:2.3:a:robocode:robocode:*:*:*:*:*:*:*:*
cpe:2.3:a:robocode:robocode:-:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.00726
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 9.8
ubuntu
почти 7 лет назад
Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL.
CVSS3: 9.8
debian
почти 7 лет назад
Robocode through 1.9.3.5 allows remote attackers to cause external ser ...
CVSS3: 9.8
github
почти 7 лет назад
Improper Input Validation in net.sf.robocode:robocode.host allows for external service interaction
EPSS
Процентиль: 72%
0.00726
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-862