[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2016-2222Date: (C)2016-06-02   (M)2023-12-22


The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address in the u parameter to wp-admin/press-this.php.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 8.6CVSS Score : 5.0
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 4.0Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: NONE
Scope: CHANGEDIntegrity: PARTIAL
Confidentiality: NONEAvailability: NONE
Integrity: HIGH 
Availability: NONE 
  
Reference:
SECTRACK-1034933
BID-82454
DSA-3472
https://codex.wordpress.org/Version_4.4.2
https://core.trac.wordpress.org/changeset/36435
https://hackerone.com/reports/110801
https://news.ycombinator.com/item?id=20433070
https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
https://wpvulndb.com/vulnerabilities/8376

OVAL    1
oval:org.secpod.oval:def:602363

© SecPod Technologies