CVE-2018-5763

MEDIUM

OXID eShop Enterprise Edition < 5.3.7 and 6.x < 6.0.1 - Denial of Service via Crafted URLs

Title source: llm
STIX 2.1

Description

An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 and 6.x before 6.0.1. By entering specially crafted URLs, an attacker is able to bring the shop server to a standstill and hence, it stops working. This is only valid if OXID High Performance Option is activated and Varnish is used.

References (1)

Core 1
Core References
Mitigation, Vendor Advisory x_refsource_confirm
https://oxidforge.org/en/security-bulletin-2018-001.html

Scores

CVSS v3 5.9
EPSS 0.0109
EPSS Percentile 61.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-20
Status published
Products (2)
oxid-esales/eshop 6.0.0 (4 CPE variants)
oxid-esales/eshop < 5.3.7
Published Feb 19, 2018
Tracked Since Feb 18, 2026