Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2017-16224

st is a module for serving static files. An attacker is able to craft a request that results in an HTTP 301 (redirect) to an entirely different domain. A request for: http://some.server.com//nodesecurity.org/%2e%2e would result in a 301 to //nodesecurity.org/%2e%2e which most browsers treat as a proper redirect as // is translated into the current schema being used. Mitigating factor: In order for this to work, st must be serving from the root of a server (/) rather than the typical sub directory (/static/) and the redirect URL will end with some form of URL encoded .. ("%2e%2e", "%2e.", ".%2e").
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.2%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 5.8
Products affected by CVE-2017-16224
  • St Project » St » Version: 0.0.1
    cpe:2.3:a:st_project:st:0.0.1
  • St Project » St » Version: 0.0.10
    cpe:2.3:a:st_project:st:0.0.10
  • St Project » St » Version: 0.0.11
    cpe:2.3:a:st_project:st:0.0.11
  • St Project » St » Version: 0.0.12
    cpe:2.3:a:st_project:st:0.0.12
  • St Project » St » Version: 0.0.2
    cpe:2.3:a:st_project:st:0.0.2
  • St Project » St » Version: 0.0.3
    cpe:2.3:a:st_project:st:0.0.3
  • St Project » St » Version: 0.0.4
    cpe:2.3:a:st_project:st:0.0.4
  • St Project » St » Version: 0.0.5
    cpe:2.3:a:st_project:st:0.0.5
  • St Project » St » Version: 0.0.6
    cpe:2.3:a:st_project:st:0.0.6
  • St Project » St » Version: 0.0.7
    cpe:2.3:a:st_project:st:0.0.7
  • St Project » St » Version: 0.0.8
    cpe:2.3:a:st_project:st:0.0.8
  • St Project » St » Version: 0.0.9
    cpe:2.3:a:st_project:st:0.0.9
  • St Project » St » Version: 0.1.0
    cpe:2.3:a:st_project:st:0.1.0
  • St Project » St » Version: 0.1.1
    cpe:2.3:a:st_project:st:0.1.1
  • St Project » St » Version: 0.1.2
    cpe:2.3:a:st_project:st:0.1.2
  • St Project » St » Version: 0.1.3
    cpe:2.3:a:st_project:st:0.1.3
  • St Project » St » Version: 0.1.4
    cpe:2.3:a:st_project:st:0.1.4
  • St Project » St » Version: 0.2.0
    cpe:2.3:a:st_project:st:0.2.0
  • St Project » St » Version: 0.2.1
    cpe:2.3:a:st_project:st:0.2.1
  • St Project » St » Version: 0.2.2
    cpe:2.3:a:st_project:st:0.2.2
  • St Project » St » Version: 0.2.3
    cpe:2.3:a:st_project:st:0.2.3
  • St Project » St » Version: 0.2.4
    cpe:2.3:a:st_project:st:0.2.4
  • St Project » St » Version: 0.2.5
    cpe:2.3:a:st_project:st:0.2.5
  • St Project » St » Version: 0.2.6
    cpe:2.3:a:st_project:st:0.2.6
  • St Project » St » Version: 0.3.0
    cpe:2.3:a:st_project:st:0.3.0
  • St Project » St » Version: 0.3.1
    cpe:2.3:a:st_project:st:0.3.1
  • St Project » St » Version: 0.3.2
    cpe:2.3:a:st_project:st:0.3.2
  • St Project » St » Version: 0.4.0
    cpe:2.3:a:st_project:st:0.4.0
  • St Project » St » Version: 0.4.1
    cpe:2.3:a:st_project:st:0.4.1
  • St Project » St » Version: 0.5.0
    cpe:2.3:a:st_project:st:0.5.0
  • St Project » St » Version: 0.5.1
    cpe:2.3:a:st_project:st:0.5.1
  • St Project » St » Version: 0.5.2
    cpe:2.3:a:st_project:st:0.5.2
  • St Project » St » Version: 0.5.3
    cpe:2.3:a:st_project:st:0.5.3
  • St Project » St » Version: 0.5.4
    cpe:2.3:a:st_project:st:0.5.4
  • St Project » St » Version: 0.5.5
    cpe:2.3:a:st_project:st:0.5.5
  • St Project » St » Version: 1.0.0
    cpe:2.3:a:st_project:st:1.0.0
  • St Project » St » Version: 1.1.0
    cpe:2.3:a:st_project:st:1.1.0
  • St Project » St » Version: 1.2.0
    cpe:2.3:a:st_project:st:1.2.0
  • St Project » St » Version: 1.2.1
    cpe:2.3:a:st_project:st:1.2.1


Products
Pricing
Contact Us

Shodan ® - All rights reserved