NVD

Id
18487  
Name
CVE-2016-2222  
Description
The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address in the u parameter to wp-admin/press-this.php.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2016-05-21  
Modified Date
2016-11-28  
Seq
2016-2222  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
102809 18487 CVE-2016-2222 82454  View
102810 18487 CVE-2016-2222 https://codex.wordpress.org/Version_4.4.2  View
102811 18487 CVE-2016-2222 https://core.trac.wordpress.org/changeset/36435  View
102812 18487 CVE-2016-2222 https://hackerone.com/reports/110801  View
102813 18487 CVE-2016-2222 https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/  View
102814 18487 CVE-2016-2222 https://wpvulndb.com/vulnerabilities/8376  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
2101 JVNDB-2016-002874 WordPress の wp-includes/http.php の wp_http_validate_url 関数におけるサーバサイドのリクエストフォージェリ攻撃を実行される脆弱性 WordPress の wp-includes/http.php の wp_http_validate_url 関数には、サーバサイドのリクエストフォージェリ攻撃を実行される脆弱性が存在します。 CVE-2016-2222 88728 CVE-2016-2222 18487 5 8.6 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-002874.html 2016-02-02 2016-05-25 View