CVE-2017-8794

Exploit

EPSS 0.32%
Published 05.05.2017 18:29:00
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.html allows SSRF attacks with a file:///etc/passwd#https:// URL pattern.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Accellion ≫ File Transfer Appliance Version <= 9_12_40

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.32%	0.523

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	3.9	5.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2017-8794

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-8794

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-8794

EUVD