Vulnerability Description
Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter.
CVSS Score
6.1
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zabbix | Zabbix | <= 2.2.20 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- https://lists.debian.org/debian-lts-announce/2019/03/msg00010.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2020/11/msg00039.html
- https://support.zabbix.com/browse/ZBX-10272ExploitVendor Advisory
- https://support.zabbix.com/browse/ZBX-13133Vendor Advisory
- https://lists.debian.org/debian-lts-announce/2019/03/msg00010.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2020/11/msg00039.html
- https://support.zabbix.com/browse/ZBX-10272ExploitVendor Advisory
- https://support.zabbix.com/browse/ZBX-13133Vendor Advisory
FAQ
What is CVE-2016-10742?
CVE-2016-10742 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter.
How severe is CVE-2016-10742?
CVE-2016-10742 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-10742?
Check the references section above for vendor advisories and patch information. Affected products include: Zabbix Zabbix, Debian Debian Linux.