Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2016-7964
HistoryOct 31, 2016 - 10:59 a.m.

CVE-2016-7964

2016-10-3110:59:00
CWE-918
[email protected]
web.nvd.nist.gov
18
cve-2016-7964
httpclient
dokuwiki
ssrf
security vulnerability

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

8.4 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

41.4%

JSON

The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16.

CPENameOperatorVersion
dokuwiki:dokuwikidokuwikieq2016-06-26a

Related

ubuntucve 1
nessus 2
debiancve 1
prion 1
seebug 1
openvas 3
fedora 2
ubuntucve
ubuntucve
CVE-2016-7964
2016-10-31 00:00:00
nessus
nessus
Fedora 27 : dokuwiki (2018-a1bd27f59b)
2018-09-20 00:00:00
Fedora 28 : dokuwiki (2018-be9f4838dd)
2019-01-03 00:00:00
debiancve
debiancve
CVE-2016-7964
2016-10-31 10:59:00
prion
prion
Design/Logic Flaw
2016-10-31 10:59:00
seebug
seebug
DokuWiki SSRF Security Bypass Vulnerability(CVE-2016-7964 οΌ‰
2017-02-27 00:00:00
openvas
openvas
DokuWiki Password Reset Address Spoof And SSRF Vulnerabilities
2016-11-03 00:00:00
Fedora Update for dokuwiki FEDORA-2018-a1bd27f59b
2018-09-20 00:00:00
Fedora Update for dokuwiki FEDORA-2018-be9f4838dd
2018-09-06 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: dokuwiki-20180422a-2.fc27
2018-09-20 05:17:27
[SECURITY] Fedora 28 Update: dokuwiki-20180422a-1.fc28
2018-09-06 03:13:15

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

8.4 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

41.4%

JSON
Related for CVE-2016-7964
ubuntucve1nessus2debiancve1prion1seebug1openvas3fedora2