Base Score

HIGH8.6

CVE-2017-9066

In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF.

VectorNETWORK

Published Bycve@mitre.org

Published DateMay 18, 2017, 14:29

Weakness Type (CWE):CWE-918

CVSS Metrics

Base Score

8.6

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

NONE

Integrity (I)

HIGH

Availability (A)

NONE

References

http://www.securityfocus.com/bid/98509
http://www.securitytracker.com/id/1038520
https://codex.wordpress.org/Version_4.7.5
https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
https://twitter.com/skansing/status/865362551097393153
https://wordpress.org/news/2017/05/wordpress-4-7-5/
https://wpvulndb.com/vulnerabilities/8815
https://www.debian.org/security/2018/dsa-4090

Base Score

HIGH8.6

Weakness Type (CWE):CWE-918

CVSS Metrics

Base Score

8.6

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

NONE

Integrity (I)

HIGH

Availability (A)

NONE