[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

110204

 
 

909

 
 

85984

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2017-7553Date: (C)2017-10-04   (M)2018-02-19


The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restricted endpoints.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 6.3CVSS Score : 6.5
Exploit Score: 2.8Exploit Score: 8.0
Impact Score: 3.4Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: LOWAuthentication: SINGLE_INSTANCE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: LOWAvailability: PARTIAL
Integrity: LOW 
Availability: LOW 
  
Reference:
RHSA-2017:2674
RHSA-2017:2675
https://bugzilla.redhat.com/show_bug.cgi?id=1478792

© SecPod Technologies