CVE-2018-3714
Published 2018-06-07
Priority: P348, medium, 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 8.63% (94.4th percentile)
node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hackerone | node-srv_node_module | — | — |
| hackerone | node-srv_node_module | >= 0 < 2.1.1 | 2.1.1 |
Detection & IOCs (extracted from sources)
- Look for HTTP GET requests containing path traversal sequences targeting `/node_modules/../../../../../etc/passwd` in the URL, which is the exploitation path for this LFI vulnerability in node-srv.
- A successful exploitation response will return HTTP 200 with a body matching the pattern `root:.*:0:0:`, indicating /etc/passwd content was returned.
- The vulnerability is triggered via a crafted URL with no authentication required beyond a low-privilege user (CVSS PR:L), targeting the node-srv Node.js module due to lack of URL validation.
- The traversal payload anchors from `/node_modules/` as the starting point; the depth of traversal (`../../../../..`) may vary depending on the deployment directory depth of the node-srv application.
- Detection via /etc/passwd regex is Linux/Unix-specific; Windows deployments would require a different target file and response pattern.
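
Because the traversal depth varies with deployment, a log check is more robust when it resolves each requested path and asks whether it climbs above the web root, instead of matching one fixed string. The following is an added example, not code from node-srv or from the sources quoted on this page; it assumes access logs in Combined Log Format, and the function names and sample lines are constructed for illustration.

```javascript
// Added example (not node-srv code): flag access-log requests whose path
// climbs above the web root, whatever the traversal depth.
const REQ_RE = /"([A-Z]+) (\S+) HTTP\/[\d.]+" (\d{3})/; // Combined Log Format

// Logs record the raw request target, so normalise percent-encoding first.
function decodeLayers(s) {
  for (let i = 0; i < 3; i++) {
    let next;
    try { next = decodeURIComponent(s); } catch (e) { return s; }
    if (next === s) break;
    s = next;
  }
  return s;
}

// True when ".." segments take the path above "/" at any point.
function escapesRoot(target) {
  const path = decodeLayers(target.split(/[?#]/)[0]).replace(/\\/g, '/');
  let depth = 0;
  for (const seg of path.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') { if (--depth < 0) return true; }
    else depth++;
  }
  return false;
}

// One finding per suspicious GET. served === true (HTTP 200) means a body was
// returned and the response should be checked against 'root:.*:0:0:'.
function scanLog(lines) {
  const findings = [];
  for (const line of lines) {
    const m = REQ_RE.exec(line);
    if (!m || m[1] !== 'GET' || !escapesRoot(m[2])) continue;
    findings.push({ target: m[2], status: Number(m[3]), served: m[3] === '200' });
  }
  return findings;
}

// Constructed sample log lines (documentation IP range, not real traffic).
const SAMPLE = [
  '203.0.113.7 - - [07/Jun/2018:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
  '203.0.113.7 - - [07/Jun/2018:10:00:02 +0000] "GET /css/../index.html HTTP/1.1" 200 512',
  '203.0.113.9 - - [07/Jun/2018:10:00:03 +0000] "GET /node_modules/../../../../../etc/passwd HTTP/1.1" 200 1843',
  '203.0.113.9 - - [07/Jun/2018:10:00:04 +0000] "GET /node_modules/../../etc/passwd HTTP/1.1" 404 9',
];
console.log(scanLog(SAMPLE));
```

A path such as `/css/../index.html` stays inside the root and is not flagged, which keeps false positives down on sites that legitimately use relative links.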
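CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |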
OSV
Path Traversal in node-srv
osv·2018-07-26
CVE-2018-3714 [MEDIUM] Path Traversal in node-srv
Versions of `node-srv` before 2.1.1 are vulnerable to path traversal allowing a remote attacker to read files from the server that uses `node-srv`.
## Recommendation
Update to version 2.1.1 or later.
GHSA
Path Traversal in node-srv
ghsa·2018-07-26
CVE-2018-3714 [MEDIUM] CWE-22 Path Traversal in node-srv
Versions of `node-srv` before 2.1.1 are vulnerable to path traversal allowing a remote attacker to read files from the server that uses `node-srv`.
## Recommendation
Update to version 2.1.1 or later.
No detection rules found.
Nuclei
node-srv - Local File Inclusion
nuclei·CVSS 6.5
CVE-2018-3714 [MEDIUM] node-srv - Local File Inclusion
node-srv is vulnerable to local file inclusion due to lack of url validation, which allows a malicious user to read content of any file with known path.
Template:

```yaml
id: CVE-2018-3714

info:
  name: node-srv - Local File Inclusion
  author: madrobot
  severity: medium
  description: node-srv is vulnerable to local file inclusion due to lack of url validation, which allows a malicious user to read content of any file with known path.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
  remediation: |
    Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in the node-srv application.
  reference:  # list truncated on this page
```
No writeups or analysis indexed.