CVE-2018-5763
MEDIUMOXID eShop Enterprise Edition < 5.3.7 and 6.x < 6.0.1 - Denial of Service via Crafted URLs
Title source: llmDescription
An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 and 6.x before 6.0.1. By entering specially crafted URLs, an attacker is able to bring the shop server to a standstill and hence, it stops working. This is only valid if OXID High Performance Option is activated and Varnish is used.
References (1)
Core 1
Core References
Mitigation, Vendor Advisory x_refsource_confirm
https://oxidforge.org/en/security-bulletin-2018-001.html
Scores
CVSS v3
5.9
EPSS
0.0109
EPSS Percentile
61.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (2)
oxid-esales/eshop
6.0.0 (4 CPE variants)
oxid-esales/eshop
< 5.3.7
Published
Feb 19, 2018
Tracked Since
Feb 18, 2026