Plex: >> Media Server >> 0.9.9.2 Security Vulnerabilities
Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handler in the backend web server.
CVSS Score
7.5
EPSS Score
0.034
Published
2014-12-07
Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote authenticated users to read arbitrary files via a .. (dot dot) in the URI to resources/.
CVSS Score
5.0
EPSS Score
0.153
Published
2014-12-02
Page 2