CVE-2017-12784 — HIGH (7.5)

Vulnerability Description

In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An example payload is a malformed request header with many '|' characters. NOTE: some sources use this ID for a NoviWare issue, but the correct ID for that issue is CVE-2017-12787.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ccfile	Cc File Transfer	3.6

Related Weaknesses (CWE)

CWE-20

References

https://drive.google.com/file/d/0B9DojFnTUSNGcG1WN2Q1eVZMQTg/viewExploitThird Party Advisory
https://drive.google.com/file/d/0B9DojFnTUSNGcG1WN2Q1eVZMQTg/viewExploitThird Party Advisory

FAQ

What is CVE-2017-12784?

CVE-2017-12784 is a vulnerability with a CVSS score of 7.5 (HIGH). In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An examp...

How severe is CVE-2017-12784?

CVE-2017-12784 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-12784?

Check the references section above for vendor advisories and patch information. Affected products include: Ccfile Cc File Transfer.