Vulnerability Description
DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL. This can lead to phishing attacks. (A remote unauthenticated attacker can change the URL's hostname via the HTTP Host header.) The vulnerability can be triggered only if the Host header is not part of the web server routing process (e.g., if several domains are served by the same web server).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dokuwiki | Dokuwiki | <= 2016-06-26a |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/94237
- https://github.com/splitbrain/dokuwiki/issues/1709ExploitVendor Advisory
- http://www.securityfocus.com/bid/94237
- https://github.com/splitbrain/dokuwiki/issues/1709ExploitVendor Advisory
FAQ
What is CVE-2016-7965?
CVE-2016-7965 is a vulnerability with a CVSS score of 6.5 (MEDIUM). DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL. This can lead to phishing attacks. (A remote unauthenticated attacker can chan...
How severe is CVE-2016-7965?
CVE-2016-7965 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-7965?
Check the references section above for vendor advisories and patch information. Affected products include: Dokuwiki Dokuwiki.