CVE-2016-7903

NONE · EPSS 62.6%
Published Jan 4, 2017 · Last Modified Jun 17, 2026

Description

Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header.
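The root cause described above is a password-reset link whose origin is taken from the client-supplied Host header. The following added example (not Dotclear code) contrasts that weak pattern with the usual mitigation, building the link from a configured canonical base URL and rejecting requests whose Host is not on an allow-list; the base URL, allow-list and `/reset-password` path are constructed placeholders.

```python
from urllib.parse import urlencode

# Constructed configuration: the only origin(s) the application is served on.
CANONICAL_BASE_URL = "https://blog.example.org"
ALLOWED_HOSTS = {"blog.example.org"}


def normalize_host(raw: str) -> str:
    """Lower-case the Host value and strip an optional port.

    A bracketed IPv6 literal such as "[::1]:8080" keeps its brackets; an
    empty or malformed value normalizes to "" so it never matches the list.
    """
    host = raw.strip().lower()
    if host.startswith("["):
        end = host.find("]")
        return host[: end + 1] if end != -1 else ""
    return host.rsplit(":", 1)[0] if ":" in host else host


def host_is_allowed(headers: dict) -> bool:
    """True only if the request's Host header names a configured origin."""
    return normalize_host(headers.get("Host", "")) in ALLOWED_HOSTS


def reset_link_trusting_host(headers: dict, token: str) -> str:
    """Weak pattern: the link's origin is whatever the client sent as Host.

    If the web server does not route on Host (the condition named in the
    CVE), any Host value reaches the application and ends up in the email.
    """
    host = headers.get("Host", "")
    return f"https://{host}/reset-password?" + urlencode({"token": token})


def reset_link_hardened(headers: dict, token: str) -> str:
    """Mitigated pattern: fixed origin from configuration, Host only validated."""
    if not host_is_allowed(headers):
        # Refuse rather than fall back: an unexpected Host means the request
        # did not arrive the way the deployment expects.
        raise ValueError("unexpected Host header; refusing to build reset link")
    return f"{CANONICAL_BASE_URL}/reset-password?" + urlencode({"token": token})
```

Logging the rejected Host value at the `ValueError` site gives a simple detection signal for Host header tampering attempts against the reset flow.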

Threat Intelligence

EPSS Exploit Probability
62.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-264

Affected Products 1

Vendor     Product    Version   Range
dotclear   dotclear   *         ≤2.10.2

References 4

  • openwall.com http://www.openwall.com/lists/oss-security/2016/10/05/5
    Mailing List
  • securityfocus.com http://www.securityfocus.com/bid/93439
  • dotclear.org https://dotclear.org/blog/post/2016/11/01/Dotclear-2.10.3
    Patch, Vendor Advisory
  • hg.dotclear.org https://hg.dotclear.org/dotclear/rev/bb06343f4247
    Patch

Remediation

  • dotclear.org https://dotclear.org/blog/post/2016/11/01/Dotclear-2.10.3
    Patch, Vendor Advisory
  • hg.dotclear.org https://hg.dotclear.org/dotclear/rev/bb06343f4247
    Patch