mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
77 lines
2.4 KiB
JSON
77 lines
2.4 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "cve@mitre.org",
|
|
"ID": "CVE-2016-7903",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "n/a",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "https://dotclear.org/blog/post/2016/11/01/Dotclear-2.10.3",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://dotclear.org/blog/post/2016/11/01/Dotclear-2.10.3"
|
|
},
|
|
{
|
|
"name": "https://hg.dotclear.org/dotclear/rev/bb06343f4247",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://hg.dotclear.org/dotclear/rev/bb06343f4247"
|
|
},
|
|
{
|
|
"name": "93439",
|
|
"refsource": "BID",
|
|
"url": "http://www.securityfocus.com/bid/93439"
|
|
},
|
|
{
|
|
"name": "[oss-security] 20161005 CVE-2016-7903: Dotclear <= 2.10.2 Password Reset Address Spoof",
|
|
"refsource": "MLIST",
|
|
"url": "http://www.openwall.com/lists/oss-security/2016/10/05/5"
|
|
}
|
|
]
|
|
}
|
|
} |