GSD-2017-11173
Vulnerability from gsd - Updated: 2015-07-13 00:00Details
Missing anchor in generated regex for rack-cors before 0.4.1
allows a malicious third-party site to perform CORS requests.
If the configuration were intended to allow only the trusted
example.com domain name and not the malicious example.net domain name,
then example.com.example.net (as well as example.com-example.net) would
be inadvertently allowed.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-11173",
"description": "Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed.",
"id": "GSD-2017-11173",
"references": [
"https://www.debian.org/security/2017/dsa-3931"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "rack-cors",
"purl": "pkg:gem/rack-cors"
}
}
],
"aliases": [
"CVE-2017-11173",
"GHSA-2j9c-9vmv-7m39"
],
"details": "Missing anchor in generated regex for rack-cors before 0.4.1\nallows a malicious third-party site to perform CORS requests.\nIf the configuration were intended to allow only the trusted\nexample.com domain name and not the malicious example.net domain name,\nthen example.com.example.net (as well as example.com-example.net) would\nbe inadvertently allowed.\n",
"id": "GSD-2017-11173",
"modified": "2015-07-13T00:00:00.000Z",
"published": "2015-07-13T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/cyu/rack-cors/issues/86"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2017/Jul/22"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 6.8,
"type": "CVSS_V2"
},
{
"score": 8.8,
"type": "CVSS_V3"
}
],
"summary": "rack-cors Gem Missing Anchor permits unauthorized CORS requests"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Jul/22",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Jul/22"
},
{
"name": "https://packetstormsecurity.com/files/143345/rack-cors-Missing-Anchor.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/143345/rack-cors-Missing-Anchor.html"
},
{
"name": "https://github.com/cyu/rack-cors/commit/42ebe6caa8e85ffa9c8a171bda668ba1acc7a5e6",
"refsource": "MISC",
"url": "https://github.com/cyu/rack-cors/commit/42ebe6caa8e85ffa9c8a171bda668ba1acc7a5e6"
},
{
"name": "DSA-3931",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3931"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2017-11173",
"cvss_v2": 6.8,
"cvss_v3": 8.8,
"date": "2015-07-13",
"description": "Missing anchor in generated regex for rack-cors before 0.4.1\nallows a malicious third-party site to perform CORS requests.\nIf the configuration were intended to allow only the trusted\nexample.com domain name and not the malicious example.net domain name,\nthen example.com.example.net (as well as example.com-example.net) would\nbe inadvertently allowed.\n",
"gem": "rack-cors",
"ghsa": "2j9c-9vmv-7m39",
"patched_versions": [
"\u003e= 0.4.1"
],
"related": {
"url": [
"https://github.com/cyu/rack-cors/issues/86",
"http://seclists.org/fulldisclosure/2017/Jul/22"
]
},
"title": "rack-cors Gem Missing Anchor permits unauthorized CORS requests",
"url": "https://github.com/cyu/rack-cors/issues/86"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c0.4.1",
"affected_versions": "All versions before 0.4.1",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2020-03-03",
"description": "Missing anchor in generated regex for rack-cors allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted `example.com` domain name and not the malicious `example.net` domain name, then `example.com.example.net` (as well as `example.com-example.net)` would be inadvertently allowed.",
"fixed_versions": [
"0.4.1"
],
"identifier": "CVE-2017-11173",
"identifiers": [
"CVE-2017-11173"
],
"not_impacted": "All versions starting from 0.4.1",
"package_slug": "gem/rack-cors",
"pubdate": "2017-07-13",
"solution": "Upgrade to version 0.4.1 or above.",
"title": "Improper Access Control",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2017-11173",
"https://packetstormsecurity.com/files/143345/rack-cors-Missing-Anchor.html"
],
"uuid": "b725c542-18a6-49a1-83c3-3ad367ba483e"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rack-cors_project:rack-cors:*:*:*:*:*:ruby:*:*",
"cpe_name": [],
"versionEndExcluding": "0.4.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11173"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/143345/rack-cors-Missing-Anchor.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/143345/rack-cors-Missing-Anchor.html"
},
{
"name": "https://github.com/cyu/rack-cors/commit/42ebe6caa8e85ffa9c8a171bda668ba1acc7a5e6",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/cyu/rack-cors/commit/42ebe6caa8e85ffa9c8a171bda668ba1acc7a5e6"
},
{
"name": "http://seclists.org/fulldisclosure/2017/Jul/22",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Jul/22"
},
{
"name": "DSA-3931",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3931"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2020-03-03T19:16Z",
"publishedDate": "2017-07-13T03:29Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…