CVE-2016-4029
Published: 7 August 2016
WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address.
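The class of check this entry describes, as an added example (not WordPress code and not its fix): a filter that recognises only canonical dotted decimal, next to one that first normalises octal, hexadecimal and short-form literals the way inet_aton() does. The function names and sample hosts are constructed for illustration.

```python
import ipaddress
import re

# One address component: hex (0x..), octal (leading 0) or decimal.
_PART = re.compile(r"(0x[0-9a-f]+|0[0-7]*|[1-9][0-9]*)\Z", re.IGNORECASE)

def parse_legacy_ipv4(host):
    """Interpret host as inet_aton() would; return IPv4Address, or None if not numeric."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4 or not all(_PART.match(p) for p in parts):
        return None
    nums = [int(p, 16) if p[:2].lower() == "0x" else int(p, 8) if p[0] == "0" else int(p)
            for p in parts]
    *head, last = nums
    # Leading parts are one byte each; the last part fills the remaining bytes.
    if any(n > 0xFF for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ipaddress.IPv4Address(value)

def strict_check(host):
    """Hypothetical 'before' check: only canonical dotted decimal is recognised."""
    try:
        return not ipaddress.ip_address(host).is_global
    except ValueError:
        return False  # treated as a hostname, so the request would be allowed

def hardened_check(host):
    """Normalise every numeric form first, then test the resulting address."""
    addr = parse_legacy_ipv4(host)
    return addr is not None and not addr.is_global

# Constructed sample hosts: six spellings of loopback plus one public address.
SAMPLES = ["127.0.0.1", "0177.0.0.1", "0x7f.0.0.1", "0x7f000001", "2130706433", "127.1", "8.8.8.8"]

def compare():
    """Map each sample to (strict_check result, hardened_check result)."""
    return {h: (strict_check(h), hardened_check(h)) for h in SAMPLES}

if __name__ == "__main__":
    for host, (weak, strong) in compare().items():
        print(f"{host:>12}  strict={weak!s:5}  hardened={strong}")
```

Hostnames return False from both functions here; an SSRF filter still has to apply the same range test to the addresses a name resolves to.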
Priority
Status
Package | Release | Status |
---|---|---|
wordpress Launchpad, Ubuntu, Debian | artful | Ignored (end of life) |
 | bionic | Not vulnerable (4.5+dfsg-1) |
 | cosmic | Not vulnerable (4.5+dfsg-1) |
 | disco | Not vulnerable (4.5+dfsg-1) |
 | eoan | Not vulnerable (4.5+dfsg-1) |
 | focal | Not vulnerable (4.5+dfsg-1) |
 | precise | Ignored (end of life) |
 | trusty | Does not exist (trusty was needs-triage) |
 | upstream | Needs triage |
 | yakkety | Ignored (end of life) |
 | impish | Not vulnerable (4.5+dfsg-1) |
 | groovy | Not vulnerable (4.5+dfsg-1) |
 | hirsute | Not vulnerable (4.5+dfsg-1) |
 | jammy | Not vulnerable (4.5+dfsg-1) |
 | xenial | Needed |
 | kinetic | Not vulnerable (4.5+dfsg-1) |
 | lunar | Not vulnerable (4.5+dfsg-1) |
 | zesty | Ignored (end of life) |
 | mantic | Not vulnerable (4.5+dfsg-1) |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.6 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Changed |
Confidentiality | None |
Integrity impact | High |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N |