CVE Vulnerability

CVE-2018-5763

An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 and 6.x before 6.0.1. By entering specially crafted URLs, an attacker is able to bring the shop server to a standstill and hence, it stops working. This is only valid if OXID High Performance Option is activated and Varnish is used.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Scope

5.9 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://oxidforge.org/en/security-bulletin-2018-001.html Mitigation Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:oxid-esales:eshop:6.0.0:rc1:*:*:enterprise:*:*:*
cpe:2.3:a:oxid-esales:eshop:6.0.0:rc2:*:*:enterprise:*:*:*
cpe:2.3:a:oxid-esales:eshop:6.0.0:rc3:*:*:enterprise:*:*:*
cpe:2.3:a:oxid-esales:eshop:6.0.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:oxid-esales:eshop:*:*:*:*:enterprise:*:*:*
Information

Published : 2018-02-19 09:29

Updated : 2018-03-20 05:26

NVD link : CVE-2018-5763

Mitre link : CVE-2018-5763

Products Affected
No products.
CWE
CWE-20