CVE-2016-7903

Name: CVE-2016-7903
Description: Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

Package   Type    Release     Fixed Version  Urgency  Origin  Debian Bugs
dotclear  source  (unstable)  (unfixed)

Notes

Fixed by: https://hg.dotclear.org/dotclear/rev/bb06343f4247
