CVE-2016-2222 - OpenCVE

The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address in the u parameter to wp-admin/press-this.php.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wordpress	Wordpress

Configuration 1 [-]

cpe:2.3:a:wordpress:wordpress:4.4.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.debian.org/security/2016/dsa-3472
http://www.securityfocus.com/bid/82454
http://www.securitytracker.com/id/1034933
https://codex.wordpress.org/Version_4.4.2
https://core.trac.wordpress.org/changeset/36435
https://hackerone.com/reports/110801
https://news.ycombinator.com/item?id=20433070
https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
https://wpvulndb.com/vulnerabilities/8376

History

No history.

MITRE

Status: PUBLISHED

Assigner: debian

Published: 2016-05-22T01:00:00

Updated: 2024-08-05T23:24:49.043Z

Reserved: 2016-02-04T00:00:00

Link: CVE-2016-2222

Vulnrichment

No data.

NVD

Status : Modified

Published: 2016-05-22T01:59:15.273

Modified: 2017-11-04T01:29:18.413

Link: CVE-2016-2222

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-02-04T00:00:00", "descriptions": [{"lang": "en", "value": "The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address in the u parameter to wp-admin/press-this.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-14T23:02:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://codex.wordpress.org/Version_4.4.2"}, {"name": "1034933", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1034933"}, {"tags": ["x_refsource_MISC"], "url": "https://wpvulndb.com/vulnerabilities/8376"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://core.trac.wordpress.org/changeset/36435"}, {"name": "82454", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/82454"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/"}, {"name": "DSA-3472", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3472"}, {"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/110801"}, {"tags": ["x_refsource_MISC"], "url": "https://news.ycombinator.com/item?id=20433070"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2016-2222", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address in the u parameter to wp-admin/press-this.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://codex.wordpress.org/Version_4.4.2", "refsource": "CONFIRM", "url": "https://codex.wordpress.org/Version_4.4.2"}, {"name": "1034933", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034933"}, {"name": "https://wpvulndb.com/vulnerabilities/8376", "refsource": "MISC", "url": "https://wpvulndb.com/vulnerabilities/8376"}, {"name": "https://core.trac.wordpress.org/changeset/36435", "refsource": "CONFIRM", "url": "https://core.trac.wordpress.org/changeset/36435"}, {"name": "82454", "refsource": "BID", "url": "http://www.securityfocus.com/bid/82454"}, {"name": "https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/", "refsource": "CONFIRM", "url": "https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/"}, {"name": "DSA-3472", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3472"}, {"name": "https://hackerone.com/reports/110801", "refsource": "MISC", "url": "https://hackerone.com/reports/110801"}, {"name": "https://news.ycombinator.com/item?id=20433070", "refsource": "MISC", "url": "https://news.ycombinator.com/item?id=20433070"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:24:49.043Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://codex.wordpress.org/Version_4.4.2"}, {"name": "1034933", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1034933"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpvulndb.com/vulnerabilities/8376"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://core.trac.wordpress.org/changeset/36435"}, {"name": "82454", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/82454"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/"}, {"name": "DSA-3472", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3472"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hackerone.com/reports/110801"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://news.ycombinator.com/item?id=20433070"}]}]}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2016-2222", "datePublished": "2016-05-22T01:00:00", "dateReserved": "2016-02-04T00:00:00", "dateUpdated": "2024-08-05T23:24:49.043Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wordpress:wordpress:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "AAA8C3E8-5B27-4F32-91C7-1385D9559221", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address in the u parameter to wp-admin/press-this.php."}, {"lang": "es", "value": "La funci\u00f3n wp_http_validate_url en wp-includes/http.php en WordPress en versiones anteriores a 4.4.2 permite a atacantes remotos llevar a cabo ataques SSRF a trav\u00e9s de un valor cero en el primer octeto de una direcci\u00f3n IPv4 en el par\u00e1metro u para wp-admin / press-this.php."}], "evaluatorComment": "<a href=\"https://cwe.mitre.org/data/definitions/918.html\">CWE-918: Server-Side Request Forgery (SSRF)</a>", "id": "CVE-2016-2222", "lastModified": "2017-11-04T01:29:18.413", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-05-22T01:59:15.273", "references": [{"source": "security@debian.org", "url": "http://www.debian.org/security/2016/dsa-3472"}, {"source": "security@debian.org", "url": "http://www.securityfocus.com/bid/82454"}, {"source": "security@debian.org", "url": "http://www.securitytracker.com/id/1034933"}, {"source": "security@debian.org", "tags": ["Patch"], "url": "https://codex.wordpress.org/Version_4.4.2"}, {"source": "security@debian.org", "url": "https://core.trac.wordpress.org/changeset/36435"}, {"source": "security@debian.org", "tags": ["Exploit"], "url": "https://hackerone.com/reports/110801"}, {"source": "security@debian.org", "url": "https://news.ycombinator.com/item?id=20433070"}, {"source": "security@debian.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/"}, {"source": "security@debian.org", "url": "https://wpvulndb.com/vulnerabilities/8376"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}