ByteOS Network

NVD Vulnerability Details :

CVE-2018-10220

Modified

Source-cve@mitre.org

Published At-19 Apr, 2018 | 08:29

Updated At-17 May, 2024 | 01:21

Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. NOTE: the vendor indicates that this is intentional behavior because the product is a web application honeypot, and modules/handlers/emulators/rfi.py supports Remote File Inclusion emulation

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary	2.0	6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P

CPE Matches

mushmush>>glastopf>>3.1.3

cpe:2.3:a:mushmush:glastopf:3.1.3:dev:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-918	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
https://github.com/mushorg/glastopf/issues/286	cve@mitre.org	Exploit Issue Tracking Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History