CVE-2016-7964 - The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and o

CVE-2016-7964

Summary

The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16.

References

http://www.securityfocus.com/bid/94245
https://github.com/splitbrain/dokuwiki/issues/1708

Vulnerable Configurations

cpe:2.3:a:dokuwiki:dokuwiki:2016-06-26a:*:*:*:*:*:*:*
cpe:2.3:a:dokuwiki:dokuwiki:2016-06-26a:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 02-12-2016 - 23:09)
Impact:
Exploitability:

CWE

CWE-918

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:N/A:N

refmap via4

bid	94245
confirm	https://github.com/splitbrain/dokuwiki/issues/1708

Last major update

02-12-2016 - 23:09

Published

31-10-2016 - 10:59

Last modified

02-12-2016 - 23:09