CVE-2017-0929
published 2018-07-03CVE-2017-0929: DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access…
PriorityP277high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
12.54%
95.7th percentile
DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dnnsoftware | dnn.platform | < 9.13.8 | 9.13.8 |
| dnnsoftware | dotnetnuke | < 9.2.0 | 9.2.0 |
| dnnsoftware | dotnetnuke | < 9.13.8 | 9.13.8 |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect SSRF exploitation attempts against DnnImageHandler by monitoring GET requests to /DnnImageHandler.ashx with a 'url' parameter pointing to external/internal hosts ↗
- →A successful SSRF probe returns HTTP 500 status code from the DNN server while the out-of-band callback is received over HTTP — match both conditions together ↗
- →The vulnerable parameter is 'mode=file' combined with 'url=' in the query string of DnnImageHandler.ashx; alert on any external or RFC-1918 address supplied to the url parameter ↗
- ·The Nuclei template uses an out-of-band (interactsh) callback to confirm exploitation; detection based solely on HTTP 500 response without OOB confirmation may produce false positives ↗
- ·Vulnerability affects DNN versions strictly before 9.2.0; instances already patched to 9.2.0 or later are not affected ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
ghsa7.5HIGH
osv7.5HIGH
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
DotNetNuke.Core Vulnerable to Server-Side Request Forgery (SSRF)
ghsa·2025-04-09·CVSS 7.5
CVE-2025-32372 [HIGH] CWE-918 DotNetNuke.Core Vulnerable to Server-Side Request Forgery (SSRF)
DotNetNuke.Core Vulnerable to Server-Side Request Forgery (SSRF)
A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal or adjacent networks.
### Impact
This vulnerability facilitates a semi-blind SSRF attack, allowing attackers to make the target server send requests to internal or external URLs without viewing the full responses. Potential impacts include internal network reconnaissance, bypassing firewalls.
OSV
DotNetNuke.Core Vulnerable to Server-Side Request Forgery (SSRF)
osv·2025-04-09·CVSS 7.5
CVE-2025-32372 [HIGH] DotNetNuke.Core Vulnerable to Server-Side Request Forgery (SSRF)
DotNetNuke.Core Vulnerable to Server-Side Request Forgery (SSRF)
A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal or adjacent networks.
### Impact
This vulnerability facilitates a semi-blind SSRF attack, allowing attackers to make the target server send requests to internal or external URLs without viewing the full responses. Potential impacts include internal network reconnaissance, bypassing firewalls.
GHSA
High severity vulnerability that affects DotNetNuke.Core
ghsa·2018-10-16
CVE-2017-0929 [HIGH] CWE-918 High severity vulnerability that affects DotNetNuke.Core
High severity vulnerability that affects DotNetNuke.Core
DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.
OSV
High severity vulnerability that affects DotNetNuke.Core
osv·2018-10-16
CVE-2017-0929 [HIGH] High severity vulnerability that affects DotNetNuke.Core
High severity vulnerability that affects DotNetNuke.Core
DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.
VulnCheck
dnnsoftware DotNetNuke (DNN) Server-Side Request Forgery (SSRF)
vulncheck·2017·CVSS 7.5
CVE-2017-0929 [HIGH] dnnsoftware DotNetNuke (DNN) Server-Side Request Forgery (SSRF)
dnnsoftware DotNetNuke (DNN) Server-Side Request Forgery (SSRF)
DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.
Affected: dnnsoftware DotNetNuke (DNN)
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-august-2024; https://www.f5.com/labs/articles/threat-intelligence/botpoke-scanner-switches-ip; https://www.f5.com/labs/articles/threat-intelligence/continued-scanning-for-cve-2023-1389; https://www.greynoise.io/blog/new-ssrf
No detection rules found.
Nuclei
DotNetNuke (DNN) ImageHandler <9.2.0 - Server-Side Request Forgery
nuclei·CVSS 7.5
CVE-2017-0929 [HIGH] DotNetNuke (DNN) ImageHandler <9.2.0 - Server-Side Request Forgery
DotNetNuke (DNN) ImageHandler <9.2.0 - Server-Side Request Forgery
DotNetNuke (aka DNN) before 9.2.0 suffers from a server-side request forgery vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.
Template:
id: CVE-2017-0929
info:
name: DotNetNuke (DNN) ImageHandler <9.2.0 - Server-Side Request Forgery
author: charanrayudu,meme-lord
severity: high
description: DotNetNuke (aka DNN) before 9.2.0 suffers from a server-side request forgery vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.
impact: |
An attacker can exploit this vulnerability to bypass security controls, access internal resources, and potentially perform further attacks.
remediation: |
Greynoiseio
New SSRF Exploitation Surge Serves as a Reminder of 2019 Capital One Breach
blogs_greynoiseio·2025-03-11
New SSRF Exploitation Surge Serves as a Reminder of 2019 Capital One Breach
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address
Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity
SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners
Incident Investigation Add context to incidents to speed the determinations of scope and timelines
Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns
Why GreyNoise
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Fin
HackerOne
https://████████ Impacted by DNN ImageHandler SSRF
hackerone·2019-10-08
[CRITICAL] https://████████ Impacted by DNN ImageHandler SSRF
https://████████ Impacted by DNN ImageHandler SSRF
Summary:
https://███████ runs DNN 8.0.0 to 9.1.1 and is impacted by CVE 2017-0929 allowing for a SSRF through the DNN ImageHandler. Origin servers will request any image file supplied by the attacker. This allows for internal NIPR sites to be mapped and accessed through a vulnerable host. The attack is limited by file extension.
Impact
Vulnerable site allows interaction with internal NIPR sites. Pulling default image files from internal NIPR sites verifies the site is online and responsive. Discloses origin IP addresses, and could be manipulated further. This could also be used as a defacement technique making the sight display images of radical ideologies or pornography.
Step-by-step Reproduction Instructions
Access the DNN image handl
2018-07-03
Published
Exploited in the wild