Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2019-10686

An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 56.8%
CVSS Severity
CVSS v3 Score 10.0
CVSS v2 Score 7.5
Products affected by CVE-2019-10686
  • Ctrip » Apollo » Version: 0.10.0
    cpe:2.3:a:ctrip:apollo:0.10.0
  • Ctrip » Apollo » Version: 0.10.1
    cpe:2.3:a:ctrip:apollo:0.10.1
  • Ctrip » Apollo » Version: 0.10.2
    cpe:2.3:a:ctrip:apollo:0.10.2
  • Ctrip » Apollo » Version: 0.11.0
    cpe:2.3:a:ctrip:apollo:0.11.0
  • Ctrip » Apollo » Version: 0.4.0
    cpe:2.3:a:ctrip:apollo:0.4.0
  • Ctrip » Apollo » Version: 0.5.0
    cpe:2.3:a:ctrip:apollo:0.5.0
  • Ctrip » Apollo » Version: 0.6.0
    cpe:2.3:a:ctrip:apollo:0.6.0
  • Ctrip » Apollo » Version: 0.6.2
    cpe:2.3:a:ctrip:apollo:0.6.2
  • Ctrip » Apollo » Version: 0.6.3
    cpe:2.3:a:ctrip:apollo:0.6.3
  • Ctrip » Apollo » Version: 0.7.0
    cpe:2.3:a:ctrip:apollo:0.7.0
  • Ctrip » Apollo » Version: 0.8.0
    cpe:2.3:a:ctrip:apollo:0.8.0
  • Ctrip » Apollo » Version: 0.9.0
    cpe:2.3:a:ctrip:apollo:0.9.0
  • Ctrip » Apollo » Version: 0.9.1
    cpe:2.3:a:ctrip:apollo:0.9.1
  • Ctrip » Apollo » Version: 1.0.0
    cpe:2.3:a:ctrip:apollo:1.0.0
  • Ctrip » Apollo » Version: 1.1.0
    cpe:2.3:a:ctrip:apollo:1.1.0
  • Ctrip » Apollo » Version: 1.1.1
    cpe:2.3:a:ctrip:apollo:1.1.1
  • Ctrip » Apollo » Version: 1.1.2
    cpe:2.3:a:ctrip:apollo:1.1.2
  • Ctrip » Apollo » Version: 1.2.0
    cpe:2.3:a:ctrip:apollo:1.2.0
  • Ctrip » Apollo » Version: 1.3.0
    cpe:2.3:a:ctrip:apollo:1.3.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved