CVE-2016-7903

Sažetak

Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header.

Reference

http://www.openwall.com/lists/oss-security/2016/10/05/5
http://www.securityfocus.com/bid/93439
https://dotclear.org/blog/post/2016/11/01/Dotclear-2.10.3
https://hg.dotclear.org/dotclear/rev/bb06343f4247

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

07-01-2017 - 03:00

Objavljeno

04-01-2017 - 21:59