7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.963 High
EPSS
Percentile
99.3%
ou can verify the vulnerability by executing attached POC.
python CVE_2017_7529.py https://publishers.basicattentiontoken.org/favicon.ico
command.
All details available at
https://nvd.nist.gov/vuln/detail/CVE-2017-7529
https://gist.github.com/thehappydinoa/bc3278aea845b4f578362e9363c51115
Please do the needful.
The POC demonstrates working exploint.
In the exploit function the script ‘determines’ if the server is vulnerable based on the response. Specifically in determining if the vulnerability exists, the script sends a request with some calculated “Range” value, based on the response content. More specifically, it tries to get the byte range from 623 bytes after the full content until the last (very high number) bytes.
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.963 High
EPSS
Percentile
99.3%