CVE-2018-5763

Published: Feb 19, 2018Modified: Nov 21, 2024

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 and 6.x before 6.0.1. By entering specially crafted URLs, an attacker is able to bring the shop server to a standstill and hence, it stops working. This is only valid if OXID High Performance Option is activated and Varnish is used.

Affected (5)

Products: Oxid Esales: Eshop

Oxid Esales

1 product

Eshop

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Oxid Esales Eshop	Before 5.3.7
Oxid Esales Eshop	Version 6.0.0
Oxid Esales Eshop	Version 6.0.0 rc1
Oxid Esales Eshop	Version 6.0.0 rc2
Oxid Esales Eshop	Version 6.0.0 rc3

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://oxidforge.org/en/security-bulletin-2018-001.html

Source: cve@mitre.org

MitigationVendor Advisory

https://oxidforge.org/en/security-bulletin-2018-001.html

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.