Vulnerability-Lookup

CNVD-2017-10783

Vulnerability from cnvd - Published: 2017-06-22

Title

EFS Easy Chat Server密码信息泄露漏洞

Description

Easy Chat Server是一个即时聊天系统。 EFS Easy Chat Server 'register.ghp'存在密码信息泄露漏洞。远程未认证的攻击者可以发送HTTP GET请求以获取任何Easy Chat Server用户密码。

Severity

中

Formal description

目前没有详细解决方案提供： http://www.echatserver.com/

Reference

https://www.exploit-db.com/exploits/42153/

Impacted products

Name
EFS Software Easy Chat Server 3.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-9557"
    }
  },
  "description": "Easy Chat Server\u662f\u4e00\u4e2a\u5373\u65f6\u804a\u5929\u7cfb\u7edf\u3002\r\n\r\nEFS Easy Chat Server \u0027register.ghp\u0027\u5b58\u5728\u5bc6\u7801\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u672a\u8ba4\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u53d1\u9001HTTP GET\u8bf7\u6c42\u4ee5\u83b7\u53d6\u4efb\u4f55Easy Chat Server\u7528\u6237\u5bc6\u7801\u3002",
  "discovererName": "Aitezaz Mohsin",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttp://www.echatserver.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-10783",
  "openTime": "2017-06-22",
  "products": {
    "product": "EFS Software Easy Chat Server 3.1"
  },
  "referenceLink": "https://www.exploit-db.com/exploits/42153/",
  "serverity": "\u4e2d",
  "submitTime": "2017-06-14",
  "title": "EFS Easy Chat Server\u5bc6\u7801\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2017-9557 (GCVE-0-2017-9557)

Vulnerability from cvelistv5 – Published: 2017-06-12 15:00 – Updated: 2024-09-16 17:18

Summary

register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

https://www.exploit-db.com/exploits/42153/

exploitx_refsource_EXPLOIT-DB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:11:02.151Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "42153",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/42153/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-12T15:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "42153",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/42153/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-9557",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "42153",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/42153/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-9557",
    "datePublished": "2017-06-12T15:00:00Z",
    "dateReserved": "2017-06-12T00:00:00Z",
    "dateUpdated": "2024-09-16T17:18:27.233Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-10783

CVE-2017-9557 (GCVE-0-2017-9557)

Tags

Sightings

Nomenclature