CVE-2017-16224

 

  • Severity Score: 6.1 (CVSS v3)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 2 (Multiple Sources)
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

st is a module for serving static files. An attacker is able to craft a request that results in an HTTP 301 (redirect) to an entirely different domain. A request for http://some.server.com//nodesecurity.org/%2e%2e would result in a 301 to //nodesecurity.org/%2e%2e, which most browsers treat as a proper redirect because a leading // is resolved against the scheme currently in use. Mitigating factor: for this to work, st must be serving from the root of a server (/) rather than the typical subdirectory (/static/), and the redirect URL will end with some form of URL-encoded .. ("%2e%2e", "%2e.", ".%2e").
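
The request pattern described above, written as a log check a defender could run. This is an added example, not code from st or from the advisory. The host name comes from the description's sample URL; the entry shape ({path, status, location}), the function names and the log entries are assumptions constructed for illustration, and collapseLeadingSlashes is a generic mitigation, not st's actual fix.

```javascript
// Added example, not st's code. Entry shape and log lines are constructed.
const OWN_HOST = 'some.server.com'; // host from the advisory's sample URL

// True when the last path segment is an encoded "..": "%2e%2e", "%2e.", ".%2e".
function endsWithEncodedDotDot(path) {
  const last = path.split('?')[0].split('/').filter(Boolean).pop() || '';
  if (!/%2e/i.test(last)) return false; // a literal ".." is not the encoded form
  try { return decodeURIComponent(last) === '..'; } catch { return false; }
}

// True when a Location value resolves to a host other than ownHost.
// A protocol-relative value ("//host/...") inherits the scheme and changes the host.
function leavesOrigin(location, ownHost) {
  try { return new URL(location, 'http://' + ownHost).host !== ownHost; }
  catch { return true; } // unparseable Location: treat as suspicious
}

// Flag 301 responses that match the pattern in the description.
function flagOpenRedirects(entries, ownHost) {
  return entries.filter((e) =>
    e.status === 301 && typeof e.location === 'string' &&
    e.path.startsWith('//') && endsWithEncodedDotDot(e.path) &&
    leavesOrigin(e.location, ownHost));
}

// Generic mitigation (an assumption, not st's actual fix): collapse leading
// slashes and backslashes so a redirect target can never start with "//".
function collapseLeadingSlashes(path) {
  return '/' + path.replace(/^[\/\\]+/, '');
}

// Constructed access-log entries.
const SAMPLE = [
  { path: '//nodesecurity.org/%2e%2e', status: 301, location: '//nodesecurity.org/%2e%2e' },
  { path: '//nodesecurity.org/.%2e', status: 301, location: '//nodesecurity.org/.%2e' },
  { path: '//some.server.com/%2e%2e', status: 301, location: '//some.server.com/%2e%2e' },
  { path: '/static/css', status: 301, location: '/static/css/' },
  { path: '//nodesecurity.org/index.html', status: 404, location: null },
];

console.log(flagOpenRedirects(SAMPLE, OWN_HOST).map((e) => e.path));
```

Only the first two sample entries are flagged: the third redirects back to the serving host, the fourth is an ordinary trailing-slash redirect, and the fifth is not a 301.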

*Credits: N/A
CVSS Scores
CVSS v3:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality: Low
  • Integrity: Low
  • Availability: None

CVSS v2:
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2017-10-09 First Exploit
  • 2017-10-29 CVE Reserved
  • 2018-06-07 CVE Published
  • 2024-03-05 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
St Project | St | <= 1.2.1 | node.js | Affected