← volver
CVE-2016-2222

CVE-2016-2222

EPSS 9.3%
The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address in the u parameter to wp-admin/press-this.php.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://codex.wordpress.org/Version_4.4.2https://core.trac.wordpress.org/changeset/36435https://hackerone.com/reports/110801https://news.ycombinator.com/item?id=20433070https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/https://wpvulndb.com/vulnerabilities/8376http://www.debian.org/security/2016/dsa-3472http://www.securityfocus.com/bid/82454http://www.securitytracker.com/id/1034933