How severe is CVE-2017-18190?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2017-18190?

This is classified as CWE-290, which is a common weakness in software security.

CVE-2017-18190

HIGH Year: 2017

CVSS v3 Score

7.5

High

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-290

View all →

Vulnerability Description

A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1).

CVE-2017-11717

HIGH

CVSS:7.5(High)

MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data strea...

CWE-2902017

CVE-2017-6405

HIGH

CVSS:7.5(High)

An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing.

CWE-2902017

CVE-2018-15588

HIGH

CVSS:7.5(High)

MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email.

CWE-2902018

CVE-2019-11189

HIGH

CVSS:7.5(High)

Authentication Bypass by Spoofing in org.onosproject.acl (access control) and org.onosproject.mobility (host mobility) in ONOS v2.0 and earlier allows attackers to bypass network access control via da...

CWE-2902019