CVE-2017-5614

{"id": "CVE-2017-5614", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2017-03-03T15:59:00.960", "references": [{"url": "http://www.openwall.com/lists/oss-security/2017/01/28/8", "tags": ["Mailing List"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/95870", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://news.cpanel.com/tsr-2017-0001-full-disclosure/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter."}, {"lang": "es", "value": "Vulnerabilidad de redirecci\u00f3n abierta en cgiemail y cgiecho permite a atacantes remotos redirigir a usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a trav\u00e9s de vectores que involucran el par\u00e1metro (1) success o (2) failure."}], "lastModified": "2019-10-31T02:45:21.603", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA4B4DFA-B2D7-4EA7-A94A-8F60027FD024", "versionEndExcluding": "11.54.0.36", "versionStartIncluding": "11.54.0.0"}, {"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D11E1492-C7CE-42BA-A721-1163B4C9EA22", "versionEndExcluding": "56.0.43", "versionStartIncluding": "55.9999.61"}, {"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8193ADD4-1299-49BA-AE70-F515F12D01D0", "versionEndExcluding": "58.0.43", "versionStartIncluding": "57.9999.48"}, {"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBCB32F8-DE9E-4C6E-9F5B-1629E53936B0", "versionEndExcluding": "60.0.35", "versionStartIncluding": "59.9999.58"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}