Candidate: CVE-2016-9752
PublicDate: 2016-12-01 11:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9752
 https://blog.s9y.org/archives/271-Serendipity-2.0.5-and-2.1-beta3-released.html
 https://github.com/s9y/Serendipity/commit/fbdd50a448ed87ba34ea8c56446b8f1873eadd6f
Description:
 In Serendipity before 2.0.5, an attacker can bypass SSRF protection by
 using a malformed IP address (e.g., http://127.1) or a 30x (aka
 Redirection) HTTP status code.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N [8.6 HIGH]

Patches_serendipity:
 upstream: https://github.com/s9y/Serendipity/commit/fbdd50a448ed87ba34ea8c56446b8f1873eadd6f
upstream_serendipity: released (2.0.5)
precise_serendipity: ignored (reached end-of-life)
precise/esm_serendipity: DNE (precise was needed)
trusty_serendipity: DNE
trusty/esm_serendipity: DNE
vivid/stable-phone-overlay_serendipity: DNE
vivid/ubuntu-core_serendipity: DNE
xenial_serendipity: DNE
yakkety_serendipity: DNE
zesty_serendipity: DNE
devel_serendipity: DNE