Lucene search

[email protected]NVD:CVE-2016-2784

HistoryMay 26, 2016 - 2:59 p.m.

CVE-2016-2784

2016-05-2614:59:00

CWE-79

[email protected]

web.nvd.nist.gov

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

4.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

4.6 Medium

AI Score

Confidence

High

0.948 High

EPSS

Percentile

99.3%

JSON

CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request.

Affected configurations

NVD

Node

cmsmadesimplecms_made_simpleMatch1.0

cmsmadesimplecms_made_simpleMatch1.0.1

cmsmadesimplecms_made_simpleMatch1.0.2

cmsmadesimplecms_made_simpleMatch1.0.3

cmsmadesimplecms_made_simpleMatch1.0.4

cmsmadesimplecms_made_simpleMatch1.0.5

cmsmadesimplecms_made_simpleMatch1.0.6

cmsmadesimplecms_made_simpleMatch1.0.7

cmsmadesimplecms_made_simpleMatch1.0.8

cmsmadesimplecms_made_simpleMatch1.1

cmsmadesimplecms_made_simpleMatch1.1.1

cmsmadesimplecms_made_simpleMatch1.1.2

cmsmadesimplecms_made_simpleMatch1.1.3.1

cmsmadesimplecms_made_simpleMatch1.1.4.1

cmsmadesimplecms_made_simpleMatch1.2

cmsmadesimplecms_made_simpleMatch1.2.1

cmsmadesimplecms_made_simpleMatch1.2.2

cmsmadesimplecms_made_simpleMatch1.2.3

cmsmadesimplecms_made_simpleMatch1.2.4

cmsmadesimplecms_made_simpleMatch1.2.5

cmsmadesimplecms_made_simpleMatch1.3

cmsmadesimplecms_made_simpleMatch1.3.1

cmsmadesimplecms_made_simpleMatch1.4

cmsmadesimplecms_made_simpleMatch1.4.1

cmsmadesimplecms_made_simpleMatch1.5

cmsmadesimplecms_made_simpleMatch1.5.1

cmsmadesimplecms_made_simpleMatch1.5.2

cmsmadesimplecms_made_simpleMatch1.5.3

cmsmadesimplecms_made_simpleMatch1.5.4

cmsmadesimplecms_made_simpleMatch1.6

cmsmadesimplecms_made_simpleMatch1.6.1

cmsmadesimplecms_made_simpleMatch1.6.2

cmsmadesimplecms_made_simpleMatch1.6.3

cmsmadesimplecms_made_simpleMatch1.6.4

cmsmadesimplecms_made_simpleMatch1.6.5

cmsmadesimplecms_made_simpleMatch1.6.6

cmsmadesimplecms_made_simpleMatch1.6.7

cmsmadesimplecms_made_simpleMatch1.6.8

cmsmadesimplecms_made_simpleMatch1.6.9

cmsmadesimplecms_made_simpleMatch1.6.10

cmsmadesimplecms_made_simpleMatch1.7

cmsmadesimplecms_made_simpleMatch1.7.1

cmsmadesimplecms_made_simpleMatch1.8

cmsmadesimplecms_made_simpleMatch1.8.1

cmsmadesimplecms_made_simpleMatch1.8.2

cmsmadesimplecms_made_simpleMatch1.9

cmsmadesimplecms_made_simpleMatch1.9.1

cmsmadesimplecms_made_simpleMatch1.9.2

cmsmadesimplecms_made_simpleMatch1.9.3

cmsmadesimplecms_made_simpleMatch1.9.4

cmsmadesimplecms_made_simpleMatch1.9.4.1

cmsmadesimplecms_made_simpleMatch1.9.4.2

cmsmadesimplecms_made_simpleMatch1.9.4.3

cmsmadesimplecms_made_simpleMatch1.10

cmsmadesimplecms_made_simpleMatch1.10.1

cmsmadesimplecms_made_simpleMatch1.10.2

cmsmadesimplecms_made_simpleMatch1.10.3

cmsmadesimplecms_made_simpleMatch1.11

cmsmadesimplecms_made_simpleMatch1.11.1

cmsmadesimplecms_made_simpleMatch1.11.2

cmsmadesimplecms_made_simpleMatch1.11.2.1

cmsmadesimplecms_made_simpleMatch1.11.3

cmsmadesimplecms_made_simpleMatch1.11.4

cmsmadesimplecms_made_simpleMatch1.11.5

cmsmadesimplecms_made_simpleMatch1.11.6

cmsmadesimplecms_made_simpleMatch1.11.7

cmsmadesimplecms_made_simpleMatch1.11.8

cmsmadesimplecms_made_simpleMatch1.11.9

cmsmadesimplecms_made_simpleMatch1.11.10

cmsmadesimplecms_made_simpleMatch1.11.11

cmsmadesimplecms_made_simpleMatch1.11.12

cmsmadesimplecms_made_simpleMatch1.11.13

cmsmadesimplecms_made_simpleMatch1.12

cmsmadesimplecms_made_simpleMatch1.12.1

cmsmadesimplecms_made_simpleMatch2.0

cmsmadesimplecms_made_simpleMatch2.0.1

cmsmadesimplecms_made_simpleMatch2.0.1.1

cmsmadesimplecms_made_simpleMatch2.1

cmsmadesimplecms_made_simpleMatch2.1.1

cmsmadesimplecms_made_simpleMatch2.1.2

References

packetstormsecurity.com/files/136897/CMS-Made-Simple-Cache-Poisoning.html

seclists.org/fulldisclosure/2016/May/15

www.cmsmadesimple.org/2016/03/Announcing-CMSMS-1-12-2-kolonia/

www.cmsmadesimple.org/2016/04/Announcing-CMSMS-2-1-3-Black-Point/

www.securityfocus.com/archive/1/538272/100/0/threaded

www.exploit-db.com/exploits/39760/

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

4.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

4.6 Medium

AI Score

Confidence

High

0.948 High

EPSS

Percentile

99.3%

JSON

Related for NVD:CVE-2016-2784

cvelist1 cve1 exploitpack1 zdt1 packetstorm1 openvas1 prion1 exploitdb1