Vulnerability Description
Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed.
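The following Ruby snippet is an added illustration of the anchoring defect described above; it is not rack-cors's own code, and the helper names and the way an allow-list entry is compiled into a regex are assumptions modelled on the description. It compares the unanchored construction with an anchored one against the origins the advisory names.

```ruby
require 'uri'

# Assumed shape of the bug, not rack-cors's own code: an allow-list entry such
# as "example.com" is compiled into a regex. Without anchors the regex accepts
# any origin whose host merely CONTAINS the trusted name.
def unanchored_matcher(allowed)
  Regexp.new(Regexp.escape(allowed))
end

# Fixed construction: \A and \z pin the pattern to the whole host. (Ruby's
# ^ and $ are line anchors, so \A/\z are the safer choice here.)
def anchored_matcher(allowed)
  Regexp.new("\\A#{Regexp.escape(allowed)}\\z")
end

# Pull the host out of an Origin header value such as "https://example.com".
def origin_host(origin)
  URI.parse(origin).host
rescue URI::InvalidURIError
  nil
end

def origin_allowed?(origin, matcher)
  host = origin_host(origin)
  !host.nil? && matcher.match?(host)
end

# Constructed sample Origin values; the second and third are the bypass
# hosts named in the advisory, the fourth is a further unanchored-prefix case.
SAMPLE_ORIGINS = [
  'https://example.com',
  'https://example.com.example.net',
  'https://example.com-example.net',
  'https://notexample.com'
].freeze

# Returns { origin => allowed? } for a given matcher.
def decisions(matcher)
  SAMPLE_ORIGINS.to_h { |o| [o, origin_allowed?(o, matcher)] }
end

if __FILE__ == $PROGRAM_NAME
  puts 'unanchored (vulnerable):'
  decisions(unanchored_matcher('example.com')).each { |o, ok| puts "  #{o} => #{ok}" }
  puts 'anchored (fixed):'
  decisions(anchored_matcher('example.com')).each { |o, ok| puts "  #{o} => #{ok}" }
end
```

With the unanchored matcher every sample origin is accepted; with the anchored one only `https://example.com` passes.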
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rack-Cors Project | Rack-Cors | < 0.4.1 |
| Debian | Debian Linux | 9.0 |
References
- http://seclists.org/fulldisclosure/2017/Jul/22 (Mailing List, Third Party Advisory)
- http://www.debian.org/security/2017/dsa-3931 (Third Party Advisory)
- https://github.com/cyu/rack-cors/commit/42ebe6caa8e85ffa9c8a171bda668ba1acc7a5e6 (Patch, Third Party Advisory)
- https://packetstormsecurity.com/files/143345/rack-cors-Missing-Anchor.html (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2017-11173?
CVE-2017-11173 is a vulnerability with a CVSS score of 8.8 (HIGH). Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed.
How severe is CVE-2017-11173?
CVE-2017-11173 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-11173?
Check the references section above for vendor advisories and patch information. Affected products include Rack-Cors (Rack-Cors Project) before 0.4.1 and Debian Linux 9.0.