VDB
CVE-2016-15039
CVE-2016-15039
PUBLISHED
A vulnerability classified as critical was found in mhuertos phpLDAPadmin up to 665dbc2690ebeb5392d38f1fece0a654225a0b38. Affected by this vulnerability is the function makeHttpRequest of the file htdocs/js/ajax_functions.js. The manipulation leads to http request smuggling. The attack can be launched remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named dd6e9583a2eb2ca085583765e8a63df5904cb036. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-270523.
EPSS 0.10% · 27.9th percentile
Risk Scores
EPSS Score
0.10%
27.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | phpldapadmin | 0, 1.2.2-6.1ubuntu1, 1.2.2-6.3 |
| Ubuntu:16.04:LTS | phpldapadmin | 0, 1.2.2-5.2, 1.2.2-5.2ubuntu2.1 |
| Ubuntu:18.04:LTS | phpldapadmin | 0, 1.2.2-6ubuntu1.1, 1.2.2-6ubuntu1 |
Exploit Intelligence
Timeline
- Jul 11, 2024 EPSS Score
- Jul 11, 2024 CVE Published
- Aug 2, 2024 EPSS Score
- Aug 24, 2024 EPSS Score
- Sep 15, 2024 EPSS Score
- Oct 7, 2024 EPSS Score
- Oct 29, 2024 EPSS Score
- Nov 20, 2024 EPSS Score
- Dec 13, 2024 EPSS Score
- Jan 4, 2025 EPSS Score
- Jan 26, 2025 EPSS Score
- Feb 17, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-15039 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2016-15039 third-party-advisory
- https://github.com/leenooks/phpLDAPadmin/commit/dd6e9583a2eb2ca085583765e8a63df5904cb036 third-party-advisory
- https://vuldb.com/?id.270523 third-party-advisory
- https://vuldb.com/?ctiid.270523 third-party-advisory
- https://github.com/mhuertos/phpLDAPadmin/commit/dd6e9583a2eb2ca085583765e8a63df5904cb036 third-party-advisory