CVE-2017-16877
Published 2017-11-17
CVE-2017-16877: ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.
Priority: P3 (55) · high · 7.5 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 14.10% (96.1th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| next | next | >= 1.0.0 < 2.4.1 | 2.4.1 |
| zeit | next.js | < 2.4.1 | 2.4.1 |
Detection & IOCs (extracted from sources)
- The path traversal is exploited via the `/_next` namespace by appending directory traversal sequences (`../../`) to reach sensitive files like `/etc/passwd`. A successful response returns HTTP 200 with passwd file content matching `root:.*:0:0:`.
- Monitor HTTP GET requests to paths beginning with `/_next/` or `/static/` that contain `../` sequences, indicating directory traversal attempts against vulnerable Next.js instances.
- Use Shodan query `http.html:"/_next/static"` or FOFA query `body="/_next/static"` to identify internet-exposed Next.js instances potentially vulnerable to CVE-2017-16877.
- Vulnerability affects only Next.js versions prior to 2.4.1. Instances running 2.4.1 or later are not affected.
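One way to implement the request monitoring described in the list above, as an added example (not code from the original page or from Next.js). It also percent-decodes the path before matching, which goes beyond the literal `../` check; the access-log format, function names and sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Request line inside a common/combined access-log entry (assumed format): "METHOD target HTTP/x" status
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
NAMESPACES = ("/_next/", "/static/")


def decode_path(target, max_rounds=3):
    """Drop the query string and percent-decode repeatedly so encoded dots and slashes are visible."""
    path = target.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def is_traversal_attempt(method, target):
    """True for a GET under /_next/ or /static/ whose decoded path has a '..' segment."""
    if method != "GET":
        return False
    path = decode_path(target)
    return path.startswith(NAMESPACES) and ".." in path.split("/")


def scan(lines):
    """Return (line_number, status, target) for each log line that matches."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match and is_traversal_attempt(match["method"], match["target"]):
            hits.append((number, int(match["status"]), match["target"]))
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [17/Nov/2017:10:00:01 +0000] "GET /_next/static/main.js HTTP/1.1" 200 5120',
    '198.51.100.7 - - [17/Nov/2017:10:00:02 +0000] "GET /_next/../../../../etc/passwd HTTP/1.1" 200 1432',
    '198.51.100.9 - - [17/Nov/2017:10:00:03 +0000] "GET /static/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 404 9',
    '198.51.100.9 - - [17/Nov/2017:10:00:04 +0000] "GET /static/img/logo..v2.png HTTP/1.1" 200 800',
    '198.51.100.9 - - [17/Nov/2017:10:00:05 +0000] "POST /_next/../x HTTP/1.1" 405 0',
]

if __name__ == "__main__":
    for number, status, target in scan(SAMPLE_LOG):
        print(f"line {number}: status {status} for {target}")
```

A hit with status 200 on a server running a version before 2.4.1 deserves priority review, since the page notes that a successful response returns the file content.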
CVSS provenance
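| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |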
OSV
Next.js Directory Traversal Vulnerability
osv·2017-12-05
CVE-2017-16877 [HIGH] Next.js Directory Traversal Vulnerability
Next.js before 2.4.1 has directory traversal under the `/_next` and `/static` request namespace, allowing attackers to obtain sensitive information.
GHSA
Next.js Directory Traversal Vulnerability
ghsa·2017-12-05
CVE-2017-16877 [HIGH] CWE-22 Next.js Directory Traversal Vulnerability
Next.js before 2.4.1 has directory traversal under the `/_next` and `/static` request namespace, allowing attackers to obtain sensitive information.
No detection rules found.
Nuclei
Nextjs <2.4.1 - Local File Inclusion
nuclei·CVSS 7.5
CVE-2017-16877 [HIGH] Nextjs <2.4.1 - Local File Inclusion
ZEIT Next.js before 2.4.1 is susceptible to local file inclusion via the /_next and /static request namespace, allowing attackers to obtain sensitive information.
Template:
```yaml
id: CVE-2017-16877

info:
  name: Nextjs <2.4.1 - Local File Inclusion
  author: pikpikcu
  severity: high
  description: ZEIT Next.js before 2.4.1 is susceptible to local file inclusion via the /_next and /static request namespace, allowing attackers to obtain sensitive information.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage.
  remediation: |
    Upgrade Nextjs to version 2.4.1 or above to mitigate this vulnerability.
  reference:
    - https://medium.com/@theRaz0r/ar
```
No writeups or analysis indexed.