ID CVE-2017-5474
Summary Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.
References
Vulnerable Configurations
  • cpe:2.3:a:s9y:serendipity:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:0.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:0.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:0.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:0.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:0.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.7.8:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:1.7.9:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:2.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:s9y:serendipity:2.0.5:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 25-01-2017 - 20:24)
Impact:
Exploitability:
CWE CWE-601
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
refmap via4
bid 95652
confirm https://github.com/s9y/Serendipity/commit/6285933470bab2923e4573b5d54ba9a32629b0cd
Last major update 25-01-2017 - 20:24
Published 14-01-2017 - 07:59
Last modified 25-01-2017 - 20:24