Vulnerability Details : CVE-2017-12784
Potential exploit
In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An example payload is a malformed request header with many '|' characters. NOTE: some sources use this ID for a NoviWare issue, but the correct ID for that issue is CVE-2017-12787.
Vulnerability category: Input validation
Products affected by CVE-2017-12784
- cpe:2.3:a:ccfile:cc_file_transfer:3.6:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-12784
2.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 83 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-12784
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
|
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2017-12784
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-12784
-
https://drive.google.com/file/d/0B9DojFnTUSNGcG1WN2Q1eVZMQTg/view
ccfile_public_reference.txt - Google DriveExploit;Third Party Advisory
Jump to