oss-sec mailing list archives

Re: SPIP vulnerabilities: request for 5 CVE


From: cve-assign () mitre org
Date: Sat, 8 Oct 2016 11:34:29 -0400 (EDT)

* Template Compiler/Composer PHP Code Execution
https://core.spip.net/projects/spip/repository/revisions/23186
https://core.spip.net/projects/spip/repository/revisions/23189
https://core.spip.net/projects/spip/repository/revisions/23192

Use CVE-2016-7998.


* Server Side Request Forgery
https://core.spip.net/projects/spip/repository/revisions/23188
https://core.spip.net/projects/spip/repository/revisions/23193

(In other words, the :// substring is rejected to prevent
outbound network traffic.)

Use CVE-2016-7999.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]

