CVE-2015-8813 Information
Description
The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
Reference
http://issues.umbraco.org/issue/U4-7457 http://www.openwall.com/lists/oss-security/2016/02/16/10 http://www.openwall.com/lists/oss-security/2016/02/17/1 http://www.openwall.com/lists/oss-security/2016/02/17/5 http://www.openwall.com/lists/oss-security/2016/02/18/8 https://github.com/umbraco/Umbraco-CMS/commit/924a016ffe7ae7ea6d516c07a7852f0095eddbce The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter.
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
HIGH
Base Score
NONE
Base Severity
8.2
Share on: