CVE-2016-7964

The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dokuwiki
cosmic
ignored
bionic
ignored
artful
ignored
zesty
ignored
yakkety
ignored
xenial
ignored
trusty
dne
precise
ignored
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/94245
https://github.com/splitbrain/dokuwiki/issues/1708
http://www.securityfocus.com/bid/94245
https://github.com/splitbrain/dokuwiki/issues/1708