CVE-2018-5763

An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 and 6.x before 6.0.1. By entering specially crafted URLs, an attacker is able to bring the shop server to a standstill and hence, it stops working. This is only valid if OXID High Performance Option is activated and Varnish is used.
References
Link Resource
https://oxidforge.org/en/security-bulletin-2018-001.html Mitigation Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oxid-esales:eshop:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:oxid-esales:eshop:6.0.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:oxid-esales:eshop:6.0.0:rc1:*:*:enterprise:*:*:*
cpe:2.3:a:oxid-esales:eshop:6.0.0:rc2:*:*:enterprise:*:*:*
cpe:2.3:a:oxid-esales:eshop:6.0.0:rc3:*:*:enterprise:*:*:*

History

No history.

Information

Published : 2018-02-19 21:29

Updated : 2024-02-04 19:46


NVD link : CVE-2018-5763

Mitre link : CVE-2018-5763

CVE.ORG link : CVE-2018-5763


JSON object : View

Products Affected

oxid-esales

  • eshop
CWE
CWE-20

Improper Input Validation