Lucene search

K
cveHackeroneCVE-2016-10690
HistoryJun 04, 2018 - 4:29 p.m.

CVE-2016-10690

2018-06-0416:29:02
CWE-311
CWE-310
hackerone
web.nvd.nist.gov
38
openframe-ascii-image
ascii images
fim
vulnerability
mitm
rce
cve-2016-10690
nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.002

Percentile

55.1%

openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Affected configurations

Nvd
Node
openframe-ascii-image_projectopenframe-ascii-imageMatch0.1.0node.js
VendorProductVersionCPE
openframe-ascii-image_projectopenframe-ascii-image0.1.0cpe:2.3:a:openframe-ascii-image_project:openframe-ascii-image:0.1.0:*:*:*:*:node.js:*:*

CNA Affected

[
  {
    "product": "openframe-ascii-image node module",
    "vendor": "HackerOne",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  }
]

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.002

Percentile

55.1%