CVE-2016-4029 Information
Share on:
Feb 14, 2021
cve
Description
WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Reference
http://codex.wordpress.org/Version_4.5 http://www.debian.org/security/2016/dsa-3681 http://www.securitytracker.com/id/1036594 https://core.trac.wordpress.org/query?status=closed&milestone=4.5 https://wpvulndb.com/vulnerabilities/8473
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
CHANGED
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
NONE
Base Severity
8.6