8.6

CVE-2017-9066

WordPress Core < 4.7.5 - Server-Side Request Forgery

In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF.
Mögliche Gegenmaßnahme
WordPress: Update to one of the following versions, or a newer patched version: 3.7.21, 3.8.21, 3.9.19, 4.0.18, 4.1.18, 4.2.15, 4.3.11, 4.4.10, 4.5.9, 4.6.6, 4.7.5
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WordpressWordpress Version <= 4.7.4
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
Weitere Schwachstelleninformationen
SystemWordPress Core
Produkt WordPress
Version [*, 3.7)
Version 3.7-3.7.20
Version 3.8-3.8.20
Version 3.9-3.9.18
Version 4.0-4.0.17
Version 4.1-4.1.17
Version 4.2-4.2.14
Version 4.3-4.3.10
Version 4.4-4.4.9
Version 4.5-4.5.8
Version 4.6-4.6.5
Version 4.7-4.7.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.67% 0.882
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.6 3.9 4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

http://www.securityfocus.com/bid/98509
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038520
Third Party Advisory
VDB Entry
https://codex.wordpress.org/Version_4.7.5
Patch
Release Notes
https://wordpress.org/news/2017/05/wordpress-4-7-5/
Patch
Vendor Advisory
https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
Patch
https://twitter.com/skansing/status/865362551097393153
Third Party Advisory
https://wpvulndb.com/vulnerabilities/8815
Third Party Advisory
https://www.debian.org/security/2018/dsa-4090
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/d357f92a-3c20-4972-af4d-65053027d31c
Third Party Advisory