CVE-2019-12161

2019-05-1718:47:33

mitre

www.cve.org

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.0%

JSON

WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168).

References

bugzilla.mozilla.org/show_bug.cgi?id=1550366