DokuWiki up to 2016-06-26a Password Reset $_SERVER[HTTP_HOST] input validation
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.5 | $0-$5k | 0.00 |
A vulnerability classified as critical has been found in DokuWiki up to 2016-06-26a (Content Management System). This affects an unknown code of the component Password Reset. The manipulation of the argument $_SERVER[HTTP_HOST] with an unknown input leads to a input validation vulnerability. CWE is classifying the issue as CWE-20. The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly. This is going to have an impact on confidentiality, and integrity. The summary by CVE is:
DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL. This can lead to phishing attacks. (A remote unauthenticated attacker can change the URL's hostname via the HTTP Host header.) The vulnerability can be triggered only if the Host header is not part of the web server routing process (e.g., if several domains are served by the same web server).
The weakness was published 10/31/2016 (Website). It is possible to read the advisory at github.com. This vulnerability is uniquely identified as CVE-2016-7965 since 09/09/2016. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. It demands that the victim is doing some kind of user interaction. Technical details of the vulnerability are known, but there is no available exploit.
The commercial vulnerability scanner Qualys is able to test this issue with plugin 11734 (DokuWiki Server Side Request Forgery and Password Reset Address Spoof Vulnerabilities).
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Similar entry is available at 93194.
Product
Type
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.5VulDB Meta Temp Score: 6.5
VulDB Base Score: 6.5
VulDB Temp Score: 6.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 6.5
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Input validationCWE: CWE-20
ATT&CK: Unknown
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
OpenVAS ID: 61362
OpenVAS Name: DokuWiki Password Reset Address Spoof And SSRF Vulnerabilities
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔍
Timeline
09/09/2016 🔍10/31/2016 🔍
10/31/2016 🔍
10/31/2016 🔍
10/31/2016 🔍
09/29/2022 🔍
Sources
Advisory: 1709Status: Not defined
Confirmation: 🔍
CVE: CVE-2016-7965 (🔍)
SecurityFocus: 94237 - DokuWiki CVE-2016-7965 Host Address Spoofing Vulnerability
See also: 🔍
Entry
Created: 10/31/2016 16:15Updated: 09/29/2022 08:19
Changes: 10/31/2016 16:15 (56), 05/21/2019 10:45 (13), 09/29/2022 08:19 (3)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.