PT-2016-7814 · Serendipity · Serendipity

Xu Yue · Published 2016-12-01 · Updated 2016-12-03 · CVE-2016-9752

CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Serendipity versions prior to 2.0.5

Description: An attacker can bypass the SSRF protection by using a malformed IP address, such as http://127.1, or by using a 30x HTTP status code (a redirection status code).

Recommendations: For versions prior to 2.0.5, update to version 2.0.5 or later to resolve the issue.
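
The two bypasses named in the description, shown against a string-matching filter and a stricter check, as an added example that is not Serendipity's code or its 2.0.5 patch. All function names are hypothetical, and the DNS answers and HTTP responses are constructed stand-ins so it runs offline.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlsplit

# Constructed stand-ins for DNS and HTTP so the example runs offline.
FAKE_DNS = {"blog.example": "203.0.113.10", "cdn.example": "198.51.100.7"}
FAKE_RESPONSES = {"http://blog.example/feed": (302, "http://127.1/admin"),
                  "http://cdn.example/a": (301, "/b")}
BLOCKED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12",
    "192.168.0.0/16", "::1/128", "::ffff:0:0/96", "fc00::/7", "fe80::/10")]


def naive_is_internal(url):
    """Weak filter: compares the host as a string, so 127.1 slips past."""
    return urlsplit(url).hostname in {"127.0.0.1", "localhost"}


def resolve(host):
    """Return the address the socket layer would connect to, or None."""
    try:
        # inet_aton expands short forms as connect() does: 127.1 -> 127.0.0.1
        return ipaddress.ip_address(socket.inet_aton(host))
    except OSError:
        host = FAKE_DNS.get(host, host)  # a name or an IPv6 literal
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None  # unresolvable: treated as unsafe by the caller


def is_internal(url):
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return True
    addr = resolve(parts.hostname)
    return addr is None or any(addr in net for net in BLOCKED)


def safe_fetch(url, max_hops=5):
    """Follow redirects by hand, re-validating the target of every hop."""
    for _ in range(max_hops):
        if is_internal(url):
            raise ValueError(f"blocked internal target: {url}")
        status, location = FAKE_RESPONSES.get(url, (200, None))
        if status // 100 != 3:
            return url
        url = urljoin(url, location)
    raise ValueError("too many redirects")
```

With a real resolver, the request should connect to the address that was validated rather than resolving the name a second time.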

Fix

SSRF


Weakness Enumeration

Related identifiers

CVE-2016-9752

Affected products

Serendipity