CVE-2018-5763

{"id": "CVE-2018-5763", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2018-02-19T21:29:00.333", "references": [{"url": "https://oxidforge.org/en/security-bulletin-2018-001.html", "tags": ["Mitigation", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://oxidforge.org/en/security-bulletin-2018-001.html", "tags": ["Mitigation", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 and 6.x before 6.0.1. By entering specially crafted URLs, an attacker is able to bring the shop server to a standstill and hence, it stops working. This is only valid if OXID High Performance Option is activated and Varnish is used."}, {"lang": "es", "value": "Se ha descubierto un problema en OXID eShop Enterprise Edition en versiones anteriores a la 5.3.7 y en versiones 6.x anteriores a la 6.0.1. Al introducir URL especialmente manipuladas, un atacante puede hacer que el servidor de la tienda se estanque y, por lo tanto, deje de funcionar. Esto solo es v\u00e1lido si OXID High Performance Option est\u00e1 activado y se emplea Varnish."}], "lastModified": "2024-11-21T04:09:20.970", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "523FEBA1-AF39-4828-9C29-72A036A035A6", "versionEndExcluding": "5.3.7"}, {"criteria": "cpe:2.3:a:oxid-esales:eshop:6.0.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "05A19820-1BB2-411B-89FD-7670AB7C280D"}, {"criteria": "cpe:2.3:a:oxid-esales:eshop:6.0.0:rc1:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "A019B397-0B3D-4BC2-BD89-D704718D9ED0"}, {"criteria": "cpe:2.3:a:oxid-esales:eshop:6.0.0:rc2:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "D361898B-F113-4D5E-8ABD-ACCE5DF36FEC"}, {"criteria": "cpe:2.3:a:oxid-esales:eshop:6.0.0:rc3:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "37DCBF08-6CF5-4F6F-9547-6651F3D0C1C6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}