CVE-2021-4000
published 2021-12-03
CVE-2021-4000: showdoc is vulnerable to URL Redirection to Untrusted Site
Priority P4 · 24 · medium · 6.1 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.82%
52.7th percentile
showdoc is vulnerable to URL Redirection to Untrusted Site
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_adc | — | — |
| citrix | netscaler_adc_gateway | — | — |
| citrix | sd-wan | — | — |
| showdoc | showdoc | 0 – 2.9.13 | — |
| star7th | star7th_showdoc | >= unspecified < 2.9.13 | 2.9.13 |
| ws_project | ws | >= 5.0.0 < 5.2.3 | 5.2.3 |
| ws_project | ws | >= 6.0.0 < 6.2.2 | 6.2.2 |
| ws_project | ws | >= 7.0.0 < 7.4.6 | 7.4.6 |
CVSS provenance
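| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
| vendor_oracle | — | 3.7 | LOW | — |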
OSV
Open Redirect in showdoc
osv·2021-12-16
CVE-2021-4000 [MEDIUM] Open Redirect in showdoc
showdoc is vulnerable to URL Redirection to Untrusted Site
GHSA
Open Redirect in showdoc
ghsa·2021-12-16
CVE-2021-4000 [MEDIUM] CWE-601 Open Redirect in showdoc
showdoc is vulnerable to URL Redirection to Untrusted Site
GHSA
ReDoS in Sec-Websocket-Protocol header
ghsa·2021-05-28
CVE-2021-32640 [MEDIUM] CWE-345 ReDoS in Sec-Websocket-Protocol header
### Impact
A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a ws server.
### Proof of concept
```js
// Time the split regex on values with growing runs of spaces.
for (const length of [1000, 2000, 4000, 8000, 16000, 32000]) {
  const value = 'b' + ' '.repeat(length) + 'x';
  const start = process.hrtime.bigint();
  value.trim().split(/ *, */);
  const end = process.hrtime.bigint();
  // end - start is a BigInt count of nanoseconds.
  console.log('length = %d, time = %f ns', length, end - start);
}
```
### Patches
The vulnerability was fixed in ws@7.4.6 (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff) and backported to ws@6.2.2 (https://github.com/websockets/ws/commit/78c676d2a1acefbc05292e9f7ea0a9457704bf1b) and ws@5.2.3 (https://github.com/websockets/ws/commit/76d47c147900202
Citrix
CVE-2021-22920: A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citr
vendor_citrix·2021-08-05·CVSS 6.5
CVE-2021-22920 [MEDIUM] CWE-284 CVE-2021-22920: A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citr
CVE-2021-22920: A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a phishing attack through a SAML authentication hijack to steal a valid user session.
Citrix
CVE-2021-22919: A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citr
vendor_citrix·2021-08-05·CVSS 7.5
CVE-2021-22919 [HIGH] CWE-770 CVE-2021-22919: A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citr
CVE-2021-22919: A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed.
Oracle
Oracle Oracle Enterprise Manager Risk Matrix: User Interface (OpenSSL) — CVE-2015-4000
vendor_oracle·2021-01-15·CVSS 3.7
CVE-2015-4000 [LOW] Oracle Oracle Enterprise Manager Risk Matrix: User Interface (OpenSSL) — CVE-2015-4000
Oracle Oracle Enterprise Manager Risk Matrix: User Interface (OpenSSL) vulnerability
CVE: CVE-2015-4000
CVSS: 3.7
Protocol: HTTPS
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2021 (JAN 2021)
No detection rules found.
No writeups or analysis indexed.