An issue was discovered on Accellion FTA devices before FTA_9_12_180. By sending a POST request to home/seos/courier/web/wmProgressstat.html.php with an attacker domain in the acallow parameter, the device will respond with an Access-Control-Allow-Origin header allowing the attacker to have site access with a bypass of the Same Origin Policy.
References
Link | Resource |
---|---|
https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb | Exploit Third Party Advisory |
https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 03:34
Type | Values Removed | Values Added |
---|---|---|
References | () https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb - Exploit, Third Party Advisory |
Information
Published : 2017-05-05 18:29
Updated : 2024-11-21 03:34
NVD link : CVE-2017-8793
Mitre link : CVE-2017-8793
CVE.ORG link : CVE-2017-8793
JSON object : View
Products Affected
accellion
- file_transfer_appliance
CWE
CWE-346
Origin Validation Error