CVE-2016-4029 in WordPressinfo

Summary

WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

04/15/2016

Disclosure

08/07/2016

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
90607WordPress Intranet Address improper authorization285Not definedOfficial fixCVE-2016-4029

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext