PT-2016-7814 · Serendipity · Serendipity

Xu Yue · Published 2016-12-01 · Updated 2016-12-03 · CVE-2016-9752

CVSS v3.1: 8.6 High

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Serendipity versions prior to 2.0.5

Description

The issue allows an attacker to bypass SSRF protection. This can be achieved by using a malformed IP address, such as http://127.1, or by utilizing a 30x HTTP status code, also known as a Redirection status code.

Recommendations

For versions prior to 2.0.5, update to version 2.0.5 or later to resolve the issue.
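
The following is an added example, not Serendipity's code or its 2.0.5 fix, of a destination check that covers both bypasses named in the description: it normalizes short, octal, hex and integer IPv4 forms before testing the address, and it applies the same test to every redirect hop. The function names, the `resolve` hook and the sample DNS data are assumptions made for the illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

NUM = re.compile(r"0[xX][0-9a-fA-F]+|[0-9]+")

def _part(p):
    # One dotted component: hex with 0x, octal with a leading 0, else decimal.
    if p[:2].lower() == "0x":
        return int(p, 16)
    return int(p, 8) if len(p) > 1 and p[0] == "0" else int(p, 10)

def parse_legacy_ipv4(host):
    """Parse a numeric host as inet_aton-style resolvers do: 1 to 4 parts,
    the last part filling the remaining bytes. None if not numeric."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4 or not all(NUM.fullmatch(p) for p in parts):
        return None
    try:
        *head, last = [_part(p) for p in parts]
    except ValueError:  # e.g. "08" is not valid octal
        return None
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ipaddress.IPv4Address(value)

def naive_allowed(url):
    # Hypothetical string blocklist, shown only for contrast.
    return urlsplit(url).hostname not in ("localhost", "127.0.0.1")

def url_allowed(url, resolve):
    """resolve(name) -> list of address strings (caller-supplied hook)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    ip = parse_legacy_ipv4(parts.hostname)
    found = [str(ip)] if ip is not None else resolve(parts.hostname)
    addrs = [ipaddress.ip_address(a) for a in found]
    return bool(addrs) and all(a.is_global for a in addrs)

def chain_allowed(hops, resolve):
    # hops: the requested URL plus every Location value, followed manually.
    return all(url_allowed(u, resolve) for u in hops)

SAMPLE_DNS = {"blog.example": ["8.8.8.8"]}  # constructed sample data
lookup = lambda name: SAMPLE_DNS.get(name, [])
```

In a real fetcher, automatic redirect following is turned off so that each `Location` value passes through `url_allowed` before it is requested, and the connection is made to the address that was checked.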

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2016-9752

Affected Products

Serendipity