Exploit
CVE-2017-8791
Improper Neutralization of CRLF Sequences ('CRLF Injection') (CWE-93)
Published: May 5, 2017 / Updated: 91mo ago

010

No CVSS yetEPSS 0.11%

CVE info copied to clipboard

An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a home/seos/courier/login.html auth_params CRLF attack vector.

Timeline

First Article

Feedly found the first article mentioning CVE-2017-8791. See article

Nov 19, 2015 at 4:43 PM / www.circl.lu

Threat Intelligence Report

CVE-2017-8791 is a critical vulnerability found in Accellion FTA devices prior to version FTA_9_12_180, which allows for a CRLF attack vector through the home/seos/courier/login.html auth_params. As of the date noted, there are no calculated CVSS scores, and it is unclear if the vulnerability is being actively exploited in the wild or if proof-of-concept exploits exist. There is no information provided regarding mitigations, detections, patches, or potential downstream impacts on third-party vendors or technology. See article

May 8, 2017 at 2:30 PM

EPSS

EPSS Score was set to: 0.11% (Percentile: 43.1%)

Nov 17, 2023 at 10:13 AM

Affected Systems

Accellion/file_transfer_appliance

+null more

Exploits

https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb

+null more

Attack Patterns

CAPEC-15: Command Delimiters

+null more

CVSS V3.1

Unknown

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence 30-day free trial

ExploitCVE-2017-8791Improper Neutralization of CRLF Sequences ('CRLF Injection') (CWE-93)Published: May 5, 2017 / Updated: 91mo ago

Timeline

Affected Systems

Exploits

Attack Patterns

CVSS V3.1

Categories

Be the first to know about critical vulnerabilities

Exploit
CVE-2017-8791
Improper Neutralization of CRLF Sequences ('CRLF Injection') (CWE-93)
Published: May 5, 2017 / Updated: 91mo ago