CVE-2017-9543
published 2017-06-12
Priority P343 · high · 7.5 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:H / A:N
EPSS: 1.33% (67.6th percentile)
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| echatserver | easy_chat_server | 2.0 – 3.1 | — |
| openstack | nova | >= 0 < 2:17.0.13-0ubuntu5.3 | 2:17.0.13-0ubuntu5.3 |
| openstack | nova | >= 0 < 2:21.2.4-0ubuntu2.2 | 2:21.2.4-0ubuntu2.2 |
| openstack | nova | >= 0 < 2:13.1.4-0ubuntu4.5+esm1 | 2:13.1.4-0ubuntu4.5+esm1 |
CVSS provenance
nvd · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:N/I:P/A:N
osv · 3.3 LOW
OSV
nova vulnerabilities
osv·2023-02-13·CVSS 3.3
CVE-2015-9543 nova vulnerabilities
It was discovered that Nova did not properly manage data logged into the
log file. An attacker with read access to the service's logs could exploit
this issue and may obtain sensitive information. This issue only affected
Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2015-9543)
It was discovered that Nova did not properly handle attaching and
reattaching the encrypted volume. An attacker could possibly use this issue
to perform a denial of service attack. This issue only affected Ubuntu
16.04 ESM. (CVE-2017-18191)
It was discovered that Nova did not properly handle the updation of domain
XML after live migration. An attacker could possibly use this issue to
corrupt the volume or perform a denial of service attack. This issue only
affected Ubuntu 18.04 LTS. (CVE-2020-1
GHSA
GHSA-mmx4-rrqx-q94x: register
ghsa_unreviewed·2022-05-13
CVE-2017-9543 [HIGH] CWE-640 GHSA-mmx4-rrqx-q94x: register
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2017-06-12