Fluid Attacks Database

Description

The HTTPS fallback implementation in Shell In A Box (aka shellinabox) before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	shellinabox	>=0 <2.19	2.19
debian 14	shellinabox	>=0 <2.19	2.19
debian 12	shellinabox	>=0 <2.19	2.19
debian 11	shellinabox	>=0 <2.19	2.19

Aliases

1. CVE-2015-84002. NVD-2015-84003. OSV-DEBIAN-2015-84004. OSV-2015-84005. SECURITY-TRACKER-CVE-2015-8400

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.