Описание
The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 3.5.1+dfsg-2 |
| esm-apps/xenial | not-affected | 3.5.1+dfsg-2 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [3.5.1+dfsg-2]] |
| hardy | ignored | end of life |
| lucid | ignored | end of life |
| oneiric | ignored | end of life |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| quantal | ignored | end of life |
| raring | not-affected | 3.5.1+dfsg-2 |
Показывать по
EPSS
6.4 Medium
CVSS2
Связанные уязвимости
The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue.
The XMLRPC API in WordPress before 3.5.1 allows remote attackers to se ...
The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue.
EPSS
6.4 Medium
CVSS2