Lucene search

[email protected]CVE-2016-2784

HistoryMay 26, 2016 - 2:59 p.m.

CVE-2016-2784

2016-05-2614:59:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2016-2784

cms made simple

cache poisoning

modify links

xss

http host header

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

4.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

4.5 Medium

AI Score

Confidence

High

0.948 High

EPSS

Percentile

99.3%

JSON

CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request.

Affected configurations

NVD

Node

cmsmadesimplecms_made_simpleMatch1.0

cmsmadesimplecms_made_simpleMatch1.0.1

cmsmadesimplecms_made_simpleMatch1.0.2

cmsmadesimplecms_made_simpleMatch1.0.3

cmsmadesimplecms_made_simpleMatch1.0.4

cmsmadesimplecms_made_simpleMatch1.0.5

cmsmadesimplecms_made_simpleMatch1.0.6

cmsmadesimplecms_made_simpleMatch1.0.7

cmsmadesimplecms_made_simpleMatch1.0.8

cmsmadesimplecms_made_simpleMatch1.1

cmsmadesimplecms_made_simpleMatch1.1.1

cmsmadesimplecms_made_simpleMatch1.1.2

cmsmadesimplecms_made_simpleMatch1.1.3.1

cmsmadesimplecms_made_simpleMatch1.1.4.1

cmsmadesimplecms_made_simpleMatch1.2

cmsmadesimplecms_made_simpleMatch1.2.1

cmsmadesimplecms_made_simpleMatch1.2.2

cmsmadesimplecms_made_simpleMatch1.2.3

cmsmadesimplecms_made_simpleMatch1.2.4

cmsmadesimplecms_made_simpleMatch1.2.5

cmsmadesimplecms_made_simpleMatch1.3

cmsmadesimplecms_made_simpleMatch1.3.1

cmsmadesimplecms_made_simpleMatch1.4

cmsmadesimplecms_made_simpleMatch1.4.1

cmsmadesimplecms_made_simpleMatch1.5

cmsmadesimplecms_made_simpleMatch1.5.1

cmsmadesimplecms_made_simpleMatch1.5.2

cmsmadesimplecms_made_simpleMatch1.5.3

cmsmadesimplecms_made_simpleMatch1.5.4

cmsmadesimplecms_made_simpleMatch1.6

cmsmadesimplecms_made_simpleMatch1.6.1

cmsmadesimplecms_made_simpleMatch1.6.2

cmsmadesimplecms_made_simpleMatch1.6.3

cmsmadesimplecms_made_simpleMatch1.6.4

cmsmadesimplecms_made_simpleMatch1.6.5

cmsmadesimplecms_made_simpleMatch1.6.6

cmsmadesimplecms_made_simpleMatch1.6.7

cmsmadesimplecms_made_simpleMatch1.6.8

cmsmadesimplecms_made_simpleMatch1.6.9

cmsmadesimplecms_made_simpleMatch1.6.10

cmsmadesimplecms_made_simpleMatch1.7

cmsmadesimplecms_made_simpleMatch1.7.1

cmsmadesimplecms_made_simpleMatch1.8

cmsmadesimplecms_made_simpleMatch1.8.1

cmsmadesimplecms_made_simpleMatch1.8.2

cmsmadesimplecms_made_simpleMatch1.9

cmsmadesimplecms_made_simpleMatch1.9.1

cmsmadesimplecms_made_simpleMatch1.9.2

cmsmadesimplecms_made_simpleMatch1.9.3

cmsmadesimplecms_made_simpleMatch1.9.4

cmsmadesimplecms_made_simpleMatch1.9.4.1

cmsmadesimplecms_made_simpleMatch1.9.4.2

cmsmadesimplecms_made_simpleMatch1.9.4.3

cmsmadesimplecms_made_simpleMatch1.10

cmsmadesimplecms_made_simpleMatch1.10.1

cmsmadesimplecms_made_simpleMatch1.10.2

cmsmadesimplecms_made_simpleMatch1.10.3

cmsmadesimplecms_made_simpleMatch1.11

cmsmadesimplecms_made_simpleMatch1.11.1

cmsmadesimplecms_made_simpleMatch1.11.2

cmsmadesimplecms_made_simpleMatch1.11.2.1

cmsmadesimplecms_made_simpleMatch1.11.3

cmsmadesimplecms_made_simpleMatch1.11.4

cmsmadesimplecms_made_simpleMatch1.11.5

cmsmadesimplecms_made_simpleMatch1.11.6

cmsmadesimplecms_made_simpleMatch1.11.7

cmsmadesimplecms_made_simpleMatch1.11.8

cmsmadesimplecms_made_simpleMatch1.11.9

cmsmadesimplecms_made_simpleMatch1.11.10

cmsmadesimplecms_made_simpleMatch1.11.11

cmsmadesimplecms_made_simpleMatch1.11.12

cmsmadesimplecms_made_simpleMatch1.11.13

cmsmadesimplecms_made_simpleMatch1.12

cmsmadesimplecms_made_simpleMatch1.12.1

cmsmadesimplecms_made_simpleMatch2.0

cmsmadesimplecms_made_simpleMatch2.0.1

cmsmadesimplecms_made_simpleMatch2.0.1.1

cmsmadesimplecms_made_simpleMatch2.1

cmsmadesimplecms_made_simpleMatch2.1.1

cmsmadesimplecms_made_simpleMatch2.1.2

CPENameOperatorVersion
cmsmadesimple:cms_made_simplecmsmadesimple cms made simpleeq1.0
cmsmadesimple:cms_made_simplecmsmadesimple cms made simpleeq1.0.1
cmsmadesimple:cms_made_simplecmsmadesimple cms made simpleeq1.0.2
cmsmadesimple:cms_made_simplecmsmadesimple cms made simpleeq1.0.3
cmsmadesimple:cms_made_simplecmsmadesimple cms made simpleeq1.0.4
cmsmadesimple:cms_made_simplecmsmadesimple cms made simpleeq1.0.5
cmsmadesimple:cms_made_simplecmsmadesimple cms made simpleeq1.0.6
cmsmadesimple:cms_made_simplecmsmadesimple cms made simpleeq1.0.7
cmsmadesimple:cms_made_simplecmsmadesimple cms made simpleeq1.0.8
cmsmadesimple:cms_made_simplecmsmadesimple cms made simpleeq1.1

CPE	Name	Operator	Version
cmsmadesimple:cms_made_simple	cmsmadesimple cms made simple	eq	1.0
cmsmadesimple:cms_made_simple	cmsmadesimple cms made simple	eq	1.0.1
cmsmadesimple:cms_made_simple	cmsmadesimple cms made simple	eq	1.0.2
cmsmadesimple:cms_made_simple	cmsmadesimple cms made simple	eq	1.0.3
cmsmadesimple:cms_made_simple	cmsmadesimple cms made simple	eq	1.0.4
cmsmadesimple:cms_made_simple	cmsmadesimple cms made simple	eq	1.0.5
cmsmadesimple:cms_made_simple	cmsmadesimple cms made simple	eq	1.0.6
cmsmadesimple:cms_made_simple	cmsmadesimple cms made simple	eq	1.0.7
cmsmadesimple:cms_made_simple	cmsmadesimple cms made simple	eq	1.0.8
cmsmadesimple:cms_made_simple	cmsmadesimple cms made simple	eq	1.1

Rows per page:

1-10 of 801

References

packetstormsecurity.com/files/136897/CMS-Made-Simple-Cache-Poisoning.html

seclists.org/fulldisclosure/2016/May/15

www.cmsmadesimple.org/2016/03/Announcing-CMSMS-1-12-2-kolonia/

www.cmsmadesimple.org/2016/04/Announcing-CMSMS-2-1-3-Black-Point/

www.securityfocus.com/archive/1/538272/100/0/threaded

www.exploit-db.com/exploits/39760/

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

4.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

4.5 Medium

AI Score

Confidence

High

0.948 High

EPSS

Percentile

99.3%

JSON

Related for CVE-2016-2784

cvelist1 exploitpack1 nvd1 zdt1 packetstorm1 openvas1 prion1 exploitdb1