An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.html allows SSRF attacks with a file:///etc/passwd#https:// URL pattern.
References
Link | Resource |
---|---|
https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb | Exploit Third Party Advisory |
Configurations
Information
Published : 2017-05-05 11:29
Updated : 2017-05-17 09:54
NVD link : CVE-2017-8794
Mitre link : CVE-2017-8794
JSON object : View
CWE
CWE-918
Server-Side Request Forgery (SSRF)
Products Affected
accellion
- file_transfer_appliance