Lucene search
K

5 matches found

redhatcve
redhatcve
added 2025/05/23 4:35 a.m.6 views

CVE-2023-41327

WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying and therefore recording to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. Until WireMock Webhook...

5.4CVSS7AI score0.00469EPSS
Exploits0References1
github
github
added 2023/09/08 12:19 p.m.40 views

Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes

Impact The proxy mode of WireMock, can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain names, and in such a case the configuration is vulnerable to t...

6.6CVSS6.5AI score0.00571EPSS
Exploits0References4Affected Software5
vulnrichment
vulnrichment
added 2023/09/06 8:38 p.m.17 views

CVE-2023-41327 Controlled SSRF through URL in the WireMock

WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying and therefore recording to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. Until WireMock Webhook...

4.6CVSS7AI score0.00469EPSS
Exploits0References3
cvelist
cvelist
added 2023/09/06 8:38 p.m.66 views

CVE-2023-41327 Controlled SSRF through URL in the WireMock

WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying and therefore recording to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. Until WireMock Webhook...

4.6CVSS6.5AI score0.00469EPSS
Exploits0References3
cve
cve
added 2023/09/06 8:38 p.m.2531 views

CVE-2023-41327

CVE-2023-41327: WireMock Webhooks could forward webhook POSTs to arbitrary targets due to improper filtering of proxy targets prior to versions 2.35.1 and 3.0.3. Affected: WireMock (2.x up to 2.35.1, 3.x up to 3.0.3) and WireMock Studio (discontinued). Root cause: Webhook configuration allowed re...

5.4CVSS5.4AI score0.00469EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder