Vulnerability Details CVE-2017-17055
Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.061
EPSS Ranking 90.5%
CVSS Severity
CVSS v3 Score 9.0
CVSS v2 Score 8.5
References
- http://hyp3rlinx.altervista.org/advisories/ARTICA-WEB-PROXY-v3.06-REMOTE-CODE-EXECUTION-CVE-2017-17055.txt
- http://packetstormsecurity.com/files/145183/Artica-Web-Proxy-3.06.112216-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2017/Dec/3
- https://www.exploit-db.com/exploits/43206/
- http://hyp3rlinx.altervista.org/advisories/ARTICA-WEB-PROXY-v3.06-REMOTE-CODE-EXECUTION-CVE-2017-17055.txt
- http://packetstormsecurity.com/files/145183/Artica-Web-Proxy-3.06.112216-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2017/Dec/3
- https://www.exploit-db.com/exploits/43206/
Products affected by CVE-2017-17055
-
cpe:2.3:a:articatech:artica_proxy:1.7.072820
-
cpe:2.3:a:articatech:artica_proxy:1.8
-
cpe:2.3:a:articatech:artica_proxy:1.8.121102
-
cpe:2.3:a:articatech:artica_proxy:1.9.022321
-
cpe:2.3:a:articatech:artica_proxy:2.38.042901
-
cpe:2.3:a:articatech:artica_proxy:2.38.050402
-
cpe:2.3:a:articatech:artica_proxy:2.39.082718
-
cpe:2.3:a:articatech:artica_proxy:3.06.051813
-
cpe:2.3:a:articatech:artica_proxy:3.06.052317
-
cpe:2.3:a:articatech:artica_proxy:3.06.052612
-
cpe:2.3:a:articatech:artica_proxy:3.06.061618
-
cpe:2.3:a:articatech:artica_proxy:3.06.062800
-
cpe:2.3:a:articatech:artica_proxy:3.06.082512
-
cpe:2.3:a:articatech:artica_proxy:3.06.092501
-
cpe:2.3:a:articatech:artica_proxy:3.06.092512
-
cpe:2.3:a:articatech:artica_proxy:3.06.092522
-
cpe:2.3:a:articatech:artica_proxy:3.06.100211
-
cpe:2.3:a:articatech:artica_proxy:3.06.100223
-
cpe:2.3:a:articatech:artica_proxy:3.06.100600
-
cpe:2.3:a:articatech:artica_proxy:3.06.102218
-
cpe:2.3:a:articatech:artica_proxy:3.06.112216