Опубликовано: 01 дек. 2016
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5
CVSS3: 8.6
Описание
In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 2.0.5 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | DNE |
Показывать по
10
EPSS
Процентиль: 40%
0.00185
Низкий
5 Medium
CVSS2
8.6 High
CVSS3
Связанные уязвимости
CVSS3: 8.6
nvd
около 9 лет назад
In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.
CVSS3: 8.6
debian
около 9 лет назад
In Serendipity before 2.0.5, an attacker can bypass SSRF protection by ...
CVSS3: 8.6
github
больше 3 лет назад
In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.
EPSS
Процентиль: 40%
0.00185
Низкий
5 Medium
CVSS2
8.6 High
CVSS3