The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade silverstripe/framework
to version 4.4.7, 4.5.4, 3.7.5 or higher.
silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS.
Affected versions of this package are vulnerable to Cache Poisoning. Silverstripe CMS sites which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url
and X-HTTP-Method-Override
headers, responses with malicious HTTP headers can return unexpected responses to other consumers of this cached response. Most other headers associated with web cache poisoning are already disabled through request hostname forgery whitelists.
Silverstripe CMS also supports an alternative means to override a request's HTTP method by including a _method
parameter in a POST request. This behaves similarly to the X-HTTP-Method-Override
headers and is susceptible to the same vulnerability.
The impact of this vulnerability depends on how you are using request data. The risk potential increases when your site allows user contributed content (such as comments or wiki-style pages).
In addition to public cache headers such as Cache-Control: max-age=<age>
, there needs to be an intermediary HTTP cache between the website user and the server. This role is often filled by Content Delivery Networks (CDNs) and system components such as Varnish, but can also appear in the user's own network path (corporate proxies).