CVE-2016-8627
PUBLISHED
CVSS 4.3 MEDIUM
Reported by redhat · Published May 11, 2018
In admin-cli before versions 3.0.0.alpha25 and 2.2.1.cr2, the EAP feature for downloading server log files makes the logs available via GET requests, which leaves them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files, consuming enough resources that normal server functioning could be impaired.
Risk Scores
CVSS v3.0
4.3
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| [UNKNOWN] | admin-cli | admin-cli 3.0.0.Alpha25, admin-cli 2.2.1.CR2 |
| [UNKNOWN] | admin-cli | admin-cli 3.0.0.Alpha25, *, admin-cli 3.0.0.Alpha25 |
Timeline
- May 11, 2018 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 13, 2022 CVE Updated
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- RHSA-2017:0250 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2017:0171 (vendor-advisory, x_refsource_REDHAT)
- x_refsource_CONFIRM
- RHSA-2017:3458 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2017:0244 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2017:0172 (vendor-advisory, x_refsource_REDHAT)
- 1037660 (vdb-entry, x_refsource_SECTRACK)
- RHSA-2017:0246 (vendor-advisory, x_refsource_REDHAT)
- 95698 (vdb-entry, x_refsource_BID)
- RHSA-2017:3455 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2017:3456 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2017:3454 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2017:0170 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2017:0245 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2017:0247 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2017:0173 (vendor-advisory, x_refsource_REDHAT)