CVE-2016-7903
NONE EPSS 62.6%
Published Jan 4, 2017 · Last Modified Jun 17, 2026
Description
Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header.
Threat Intelligence
EPSS Exploit Probability
62.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-264
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| dotclear | dotclear | * | ≤2.10.2 |
References 4
- openwall.com http://www.openwall.com/lists/oss-security/2016/10/05/5
- securityfocus.com http://www.securityfocus.com/bid/93439
- dotclear.org https://dotclear.org/blog/post/2016/11/01/Dotclear-2.10.3
- hg.dotclear.org https://hg.dotclear.org/dotclear/rev/bb06343f4247
Remediation
- dotclear.org https://dotclear.org/blog/post/2016/11/01/Dotclear-2.10.3
- hg.dotclear.org https://hg.dotclear.org/dotclear/rev/bb06343f4247