CVE-2019-10686

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0010%

EPSS Percentile44.10th

PublishedApr 1, 2019

Last ModifiedNov 21, 2024

Vulnerability Description

An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled.

Affected Platforms (CPE)

📦

Ctrip

Apollo

<= 1.3.0

References & Advisories

🔗 https://github.com/ctripcorp/apollo/issues/2103

Related Vulnerabilities

CVE-2013-072810.0

Multiple stack-based buffer overflows in NCSAddOn.dll in the ERDAS APOLLO ECWP plugin before 13.00.0001 for Internet Explorer, Fir...

CVE-1999-149310.0

Vulnerability in crp in Hewlett Packard Apollo Domain OS SR10 through SR10.3 allows remote attackers to gain root privileges via i...

CVE-2017-80139.8

EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwo...

CVE-2014-35799.8

XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified imp...