PT-2018-17134 · Oxid+1 · Oxid Eshop Enterprise Edition+1

Timo Terhaar

Publicado

2018-02-19

Atualizado

2018-03-20

CVE-2018-5763

CVSS v3.1

5.9

Média

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: OXID eShop Enterprise Edition versions prior to 5.3.7 OXID eShop Enterprise Edition versions 6.x prior to 6.0.1

Description: An issue allows an attacker to bring the shop server to a standstill by entering specially crafted URLs. This issue is only applicable if the OXID High Performance Option is activated and Varnish is used.

Recommendations: For OXID eShop Enterprise Edition versions prior to 5.3.7, update to version 5.3.7 or later. For OXID eShop Enterprise Edition versions 6.x prior to 6.0.1, update to version 6.0.1 or later.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2018-5763

Produtos afetados

Oxid Eshop Enterprise Edition

Varnish

PT-2018-17134 · Oxid+1 · Oxid Eshop Enterprise Edition+1

CVE-2018-5763

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3