CVE-2016-4029

Sažetak

WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address.

Reference

http://codex.wordpress.org/Version_4.5
http://www.debian.org/security/2016/dsa-3681
http://www.securitytracker.com/id/1036594
https://core.trac.wordpress.org/query?status=closed&milestone=4.5
https://wpvulndb.com/vulnerabilities/8473

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

08-02-2024 - 19:56

Objavljeno

07-08-2016 - 16:59