Опубликовано: 04 янв. 2017
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 4.3
CVSS3: 3.7
Описание
Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-apps/xenial | needed | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| esm-infra/focal | DNE | |
| focal | DNE |
Показывать по
10
EPSS
Процентиль: 51%
0.00276
Низкий
4.3 Medium
CVSS2
3.7 Low
CVSS3
Связанные уязвимости
CVSS3: 3.7
nvd
около 9 лет назад
Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header.
CVSS3: 3.7
debian
около 9 лет назад
Dotclear before 2.10.3, when the Host header is not part of the web se ...
CVSS3: 3.7
github
больше 3 лет назад
Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header.
EPSS
Процентиль: 51%
0.00276
Низкий
4.3 Medium
CVSS2
3.7 Low
CVSS3