Candidate: CVE-2015-8400
PublicDate: 2016-01-12 19:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8400
 http://www.openwall.com/lists/oss-security/2015/12/02/7
Description:
 The HTTPS fallback implementation in Shell In A Box (aka shellinabox)
 before 2.19 makes it easier for remote attackers to conduct DNS rebinding
 attacks via the "/plain" URL.
Ubuntu-Description:
Notes:
Bugs:
 https://github.com/shellinabox/shellinabox/issues/355
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8400
Priority: low
Discovered-by: Stephen Roettger
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N [7.4 HIGH]

Patches_shellinabox:
upstream_shellinabox: needs-triage
precise_shellinabox: DNE
trusty_shellinabox: released (2.14-1ubuntu0.1)
trusty/esm_shellinabox: DNE (trusty was released [2.14-1ubuntu0.1])
vivid_shellinabox: ignored (reached end-of-life)
vivid/stable-phone-overlay_shellinabox: DNE
vivid/ubuntu-core_shellinabox: DNE
wily_shellinabox: ignored (reached end-of-life)
xenial_shellinabox: not-affected (2.19)
devel_shellinabox: not-affected