High severity7.4NVD Advisory· Published Jan 12, 2016· Updated Jun 17, 2026
CVE-2015-8400
CVE-2015-8400
Description
The HTTPS fallback implementation in Shell In A Box (aka shellinabox) before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:shellinabox_project:shellinabox:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:shellinabox_project:shellinabox:*:*:*:*:*:*:*:*range: <=2.18
- (no CPE)range: <2.19
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
6- github.com/shellinabox/shellinabox/releases/tag/v2.19nvdPatch
- github.com/shellinabox/shellinabox/issues/355nvdVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2016-January/175117.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2016-January/175224.htmlnvd
- www.openwall.com/lists/oss-security/2015/12/02/6nvd
- www.openwall.com/lists/oss-security/2015/12/02/7nvd
News mentions
0No linked articles in our index yet.