Description

admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired.

Remediation

References

CVE-2016-8627

Related Vulnerabilities

WordPress Plugin ReFlex Gallery Cross-Site Scripting (3.1.4)

MySQL Resource Management Errors Vulnerability (CVE-2010-3678)

WordPress Plugin FV Flowplayer Video Player Cross-Site Scripting (7.5.2.727)

WordPress Plugin Magic Fields 2 Unspecified Vulnerability (2.3.2.2)

WordPress Plugin Video Conferencing with Zoom Cross-Site Scripting (3.8.15)

Severity

Medium

Classification

CVE-2016-8627 CWE-400 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities