Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2017-17520
HistoryDec 14, 2017 - 4:00 p.m.

CVE-2017-17520

2017-12-1416:00:00
mitre
www.cve.org
8

AI Score

8.6

Confidence

High

EPSS

0.002

Percentile

54.5%

JSON

tools/url_handler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has reported that this is intentional behavior, because the documentation states "url_handler.pl was designed to work together with tin which only issues shell escaped absolute URLs.

Related

redhatcve 1
ubuntucve 1
prion 1
cve 1
nvd 1
vulnrichment 1
debiancve 1
redhatcve
redhatcve
CVE-2017-17520
2022-05-20 23:37:58
ubuntucve
ubuntucve
CVE-2017-17520
2017-12-14 00:00:00
prion
prion
Design/Logic Flaw
2017-12-14 16:29:00
cve
cve
CVE-2017-17520
2017-12-14 16:29:00
nvd
nvd
CVE-2017-17520
2017-12-14 16:29:00
vulnrichment
vulnrichment
CVE-2017-17520
2017-12-14 16:00:00
debiancve
debiancve
CVE-2017-17520
2017-12-14 16:29:00

AI Score

8.6

Confidence

High

EPSS

0.002

Percentile

54.5%

JSON
Related for CVELIST:CVE-2017-17520
redhatcve1ubuntucve1prion1cve1nvd1vulnrichment1debiancve1