High severity7.4NVD Advisory· Published Jan 12, 2016· Updated May 6, 2026

CVE-2015-8400

Description

The HTTPS fallback implementation in Shell In A Box (aka shellinabox) before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL.

Affected products

Fedoraproject/Fedora2 versions
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
Shellinabox Project/Shellinabox
cpe:2.3:a:shellinabox_project:shellinabox:*:*:*:*:*:*:*:*
Range: <=2.18

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/shellinabox/shellinabox/releases/tag/v2.19nvdPatch
github.com/shellinabox/shellinabox/issues/355nvdVendor Advisory
lists.fedoraproject.org/pipermail/package-announce/2016-January/175117.htmlnvd
lists.fedoraproject.org/pipermail/package-announce/2016-January/175224.htmlnvd
www.openwall.com/lists/oss-security/2015/12/02/6nvd
www.openwall.com/lists/oss-security/2015/12/02/7nvd

News mentions

No linked articles in our index yet.

cvss	0.481
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000