Input validation error - CVE-2016-7968
Published: October 11, 2016
Vulnerability identifier: #VU837
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-7968
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor:
Affected software:
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to obtain remote or local URLs.
The weakness is caused by improper input validation. As HTML Mail contents were not satinized attacker can easily execute code included in the content.
Successful exploitation of the vulnerability results in access to URLs on the vulnerable system.
The weakness is caused by improper input validation. As HTML Mail contents were not satinized attacker can easily execute code included in the content.
Successful exploitation of the vulnerability results in access to URLs on the vulnerable system.
How to mitigate CVE-2016-7968
Update to version 16.08.1-2.