CVE-2017-5614
Published: 3 March 2017
Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter.
Priority
Status
Package | Release | Status |
---|---|---|
cgiemail Launchpad, Ubuntu, Debian |
upstream |
Released
(1.6-37+deb7u1)
|
precise |
Released
(1.6-37+deb7u1build0.12.04.1)
|
|
trusty |
Does not exist
(trusty was released [1.6-37+deb7u1build0.14.04.1])
|
|
xenial |
Released
(1.6-37+deb7u1build0.16.04.1)
|
|
yakkety |
Released
(1.6-37+deb7u1build0.16.10.1)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.1 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Changed |
Confidentiality | Low |
Integrity impact | Low |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |