CVE-2016-7999

Опубликовано: 18 янв. 2017

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 4.3

CVSS3: 7.4

Описание

ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	not-affected	3.1.3-1
cosmic	not-affected	3.1.3-1
devel	not-affected	3.1.3-1
disco	not-affected	3.1.3-1
eoan	not-affected	3.1.3-1
esm-apps/bionic	not-affected	3.1.3-1
esm-apps/focal	not-affected	3.1.3-1
esm-apps/jammy	not-affected	3.1.3-1
esm-apps/noble	not-affected	3.1.3-1

Показывать по

Ссылки на источники

https://www.cve.org/CVERecord?id=CVE-2016-7999

EPSS

Процентиль: 73%

0.00748

Низкий

4.3 Medium

CVSS2

7.4 High

CVSS3

Связанные уязвимости

CVE-2016-7999

CVSS3: 7.4

nvd

около 9 лет назад

ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.

CVE-2016-7999

CVSS3: 7.4

debian

около 9 лет назад

ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote at ...

GHSA-7fjq-6rmc-pgwr

CVSS3: 7.4

github

больше 3 лет назад

ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.

EPSS

Процентиль: 73%

0.00748

Низкий

4.3 Medium

CVSS2

7.4 High

CVSS3

CVE-2016-7999

Описание

Пакет spip

Ссылки на источники

Связанные уязвимости