Vulnerabilities > CVE-2016-9752 - Server-Side Request Forgery (SSRF) vulnerability in S9Y Serendipity

CVSS 8.6 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

s9y

CWE-918

NVD

Published: 2016-12-01

Updated: 2016-12-03

Summary

In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.

Vulnerable Configurations

Part	Description	Count
Application	S9Y S9Y Serendipity 0.3 S9Y Serendipity 0.4 S9Y Serendipity 0.7 S9Y Serendipity 0.7.1 S9Y Serendipity 0.8 S9Y Serendipity 0.8.1 S9Y Serendipity 0.8.2 S9Y Serendipity 0.8.3 S9Y Serendipity 0.8.4 S9Y Serendipity 0.8.5 S9Y Serendipity 0.9 S9Y Serendipity 0.9.1 S9Y Serendipity 1.0 S9Y Serendipity 1.0.1 S9Y Serendipity 1.0.2 S9Y Serendipity 1.0.3 S9Y Serendipity 1.0.4 S9Y Serendipity 1.1 S9Y Serendipity 1.1.1 S9Y Serendipity 1.1.2 S9Y Serendipity 1.1.3 S9Y Serendipity 1.1.4 S9Y Serendipity 1.2 S9Y Serendipity 1.2.1 S9Y Serendipity 1.3 S9Y Serendipity 1.3.1 S9Y Serendipity 1.4 S9Y Serendipity 1.4.1 S9Y Serendipity 1.5.1 S9Y Serendipity 1.5.2 S9Y Serendipity 1.5.3 S9Y Serendipity 1.5.4 S9Y Serendipity 1.5.5 S9Y Serendipity 1.6 S9Y Serendipity 1.6.1 S9Y Serendipity 1.6.2 S9Y Serendipity 1.7 S9Y Serendipity 1.7.2 S9Y Serendipity 1.7.3 S9Y Serendipity 1.7.4 S9Y Serendipity 1.7.5 S9Y Serendipity 1.7.6 S9Y Serendipity 1.7.7 S9Y Serendipity 1.7.8 S9Y Serendipity 1.7.9 S9Y Serendipity 2.0 S9Y Serendipity 2.0.0 S9Y Serendipity 2.0.1 S9Y Serendipity 2.0.2 S9Y Serendipity 2.0.3 S9Y Serendipity 2.0.4	51

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References