gsd-2017-11173
Vulnerability from gsd
Modified
2015-07-13 00:00
Details
Missing anchor in generated regex for rack-cors before 0.4.1
allows a malicious third-party site to perform CORS requests.
If the configuration were intended to allow only the trusted
example.com domain name and not the malicious example.net domain name,
then example.com.example.net (as well as example.com-example.net) would
be inadvertently allowed.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-11173",
"description": "Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed.",
"id": "GSD-2017-11173",
"references": [
"https://www.debian.org/security/2017/dsa-3931"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "rack-cors",
"purl": "pkg:gem/rack-cors"
}
}
],
"aliases": [
"CVE-2017-11173",
"GHSA-2j9c-9vmv-7m39"
],
"details": "Missing anchor in generated regex for rack-cors before 0.4.1\nallows a malicious third-party site to perform CORS requests.\nIf the configuration were intended to allow only the trusted\nexample.com domain name and not the malicious example.net domain name,\nthen example.com.example.net (as well as example.com-example.net) would\nbe inadvertently allowed.\n",
"id": "GSD-2017-11173",
"modified": "2015-07-13T00:00:00.000Z",
"published": "2015-07-13T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/cyu/rack-cors/issues/86"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2017/Jul/22"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 6.8,
"type": "CVSS_V2"
},
{
"score": 8.8,
"type": "CVSS_V3"
}
],
"summary": "rack-cors Gem Missing Anchor permits unauthorized CORS requests"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Jul/22",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Jul/22"
},
{
"name": "https://packetstormsecurity.com/files/143345/rack-cors-Missing-Anchor.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/143345/rack-cors-Missing-Anchor.html"
},
{
"name": "https://github.com/cyu/rack-cors/commit/42ebe6caa8e85ffa9c8a171bda668ba1acc7a5e6",
"refsource": "MISC",
"url": "https://github.com/cyu/rack-cors/commit/42ebe6caa8e85ffa9c8a171bda668ba1acc7a5e6"
},
{
"name": "DSA-3931",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3931"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2017-11173",
"cvss_v2": 6.8,
"cvss_v3": 8.8,
"date": "2015-07-13",
"description": "Missing anchor in generated regex for rack-cors before 0.4.1\nallows a malicious third-party site to perform CORS requests.\nIf the configuration were intended to allow only the trusted\nexample.com domain name and not the malicious example.net domain name,\nthen example.com.example.net (as well as example.com-example.net) would\nbe inadvertently allowed.\n",
"gem": "rack-cors",
"ghsa": "2j9c-9vmv-7m39",
"patched_versions": [
"\u003e= 0.4.1"
],
"related": {
"url": [
"https://github.com/cyu/rack-cors/issues/86",
"http://seclists.org/fulldisclosure/2017/Jul/22"
]
},
"title": "rack-cors Gem Missing Anchor permits unauthorized CORS requests",
"url": "https://github.com/cyu/rack-cors/issues/86"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c0.4.1",
"affected_versions": "All versions before 0.4.1",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2020-03-03",
"description": "Missing anchor in generated regex for rack-cors allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted `example.com` domain name and not the malicious `example.net` domain name, then `example.com.example.net` (as well as `example.com-example.net)` would be inadvertently allowed.",
"fixed_versions": [
"0.4.1"
],
"identifier": "CVE-2017-11173",
"identifiers": [
"CVE-2017-11173"
],
"not_impacted": "All versions starting from 0.4.1",
"package_slug": "gem/rack-cors",
"pubdate": "2017-07-13",
"solution": "Upgrade to version 0.4.1 or above.",
"title": "Improper Access Control",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2017-11173",
"https://packetstormsecurity.com/files/143345/rack-cors-Missing-Anchor.html"
],
"uuid": "b725c542-18a6-49a1-83c3-3ad367ba483e"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rack-cors_project:rack-cors:*:*:*:*:*:ruby:*:*",
"cpe_name": [],
"versionEndExcluding": "0.4.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11173"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/143345/rack-cors-Missing-Anchor.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/143345/rack-cors-Missing-Anchor.html"
},
{
"name": "https://github.com/cyu/rack-cors/commit/42ebe6caa8e85ffa9c8a171bda668ba1acc7a5e6",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/cyu/rack-cors/commit/42ebe6caa8e85ffa9c8a171bda668ba1acc7a5e6"
},
{
"name": "http://seclists.org/fulldisclosure/2017/Jul/22",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Jul/22"
},
{
"name": "DSA-3931",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3931"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2020-03-03T19:16Z",
"publishedDate": "2017-07-13T03:29Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…