oss-sec mailing list archives
Re: Umbraco - The open source ASP.NET CMS Multiple Vulnerabilities
From: cve-assign () mitre org
Date: Wed, 17 Feb 2016 09:48:05 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
How different is it from CVE-2012-1301 ?
See the https://github.com/umbraco/Umbraco-CMS/commit/924a016ffe7ae7ea6d516c07a7852f0095eddbce commit. The vendor added && requestUri.Port == 80 to address the 127.0.0.1:25 and 127.0.0.1:8080 attack vectors mentioned by Sandeep Kamble. This is not the same as the question of whether, or when, the earlier discovery of a different attack methodology: http://seclists.org/fulldisclosure/2012/Apr/65 http://umbraco.com/umbraco/dashboard/FeedProxy.aspx?url=http://en.wikipedia.org/wiki/Open_proxy was addressed. Accordingly, the new ID CVE-2015-8813 is needed for the SSRF vulnerability involving non-80 port numbers. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWxIdUAAoJEL54rhJi8gl5zuEP/3DwlNaP5H+cDd2MC0Nh4LYB zGn/lJv20cPAIhn8pBYAkQjpJhbbQmuFc4iael57H1E1rZ/2tkNC25OhQfHpi6mR ayok6XyWttguUb1gsoJJR1gsYxc8oH12Wj6Uhq+vhnFO3FoEpHnk3pFvdKiFQ5kc zjywXUKqwDbyzdNv8y2tvTxrNFooDQXXmP1d84HkGeuWl1R22pNzIGcJ94P31Rha AXayg5NBdD88nu/d1mNfuoh3MHVWgRVoDcZV/TBDZrXUO0l9HRgyignfXtczpE0H o/fAKBfAyQGlvqjjCu44DjpELyN3m4EopxifYnQ4tRX7BfuHs7hbZO3uG7oTZJUN 6j+lwoo/jXvnJV0+hq7lzO2X43qK+ZTGMMs88HArhnQ2k6PGqZVm1lvgTpLT8C2p YU3FROSPg4aztIGoqAqk+aZfAolts2UV2e7oRMCiKohdD03UNc68AsFuIG/WTlGw BF79uRCAUnBSsjK/Jl00nhMAxEtPNveLFJLNg0kZ9ZZdtJ0Ditb5ivud1S4153yV /h3hvpPIUDJKr0LMrrn2S4HikTFtGqeB/unKyfvh3iQRmiSpxBu9zhQkaw5tbHMs zN92b+o2ifvi4cOyXS6ckVREvmhLnlyV+dtVAeZKS85s4JljbhWHmS/OE/5kBwNN w0/ED5xiMkc1RSqdA5da =KXUT -----END PGP SIGNATURE-----
Current thread:
- Umbraco - The open source ASP.NET CMS Multiple Vulnerabilities Sandeep Kamble (Feb 16)
- Re: Umbraco - The open source ASP.NET CMS Multiple Vulnerabilities cve-assign (Feb 16)
- Re: Re: Umbraco - The open source ASP.NET CMS Multiple Vulnerabilities Florent Daigniere (Feb 17)
- Re: Umbraco - The open source ASP.NET CMS Multiple Vulnerabilities cve-assign (Feb 17)
- Re: Re: Umbraco - The open source ASP.NET CMS Multiple Vulnerabilities Sandeep Kamble (Feb 17)
- Re: Re: Umbraco - The open source ASP.NET CMS Multiple Vulnerabilities Florent Daigniere (Feb 17)
- Re: Umbraco - The open source ASP.NET CMS Multiple Vulnerabilities cve-assign (Feb 16)