UBUNTU-CVE-2016-7903

Source
https://ubuntu.com/security/CVE-2016-7903
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-7903.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-7903
Related
Published
2017-01-04T21:59:00Z
Modified
2025-01-13T10:21:16Z
Severity
  • 3.7 (Low) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header.

References

Affected packages

Ubuntu:Pro:16.04:LTS / dotclear

Package

Name
dotclear
Purl
pkg:deb/ubuntu/dotclear@2.8.0+dfsg-1ubuntu1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.7.5+dfsg-1
2.8.0+dfsg-1
2.8.0+dfsg-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "low"
}