CVE-2017-9447
 
Public Exploits: 2
Exploited in Wild: -
Descriptions
In the web interface of Parallels Remote Application Server (RAS) 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory. A remote, unauthenticated attacker could exploit this weakness to read arbitrary files from the vulnerable system using path traversal sequences.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2017-06-05 CVE Reserved
- 2018-02-28 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (2)
URL | Date | SRC |
---|---|---|
https://blog.runesec.com/2018/02/22/parallels-ras-path-traversal | 2024-08-05 | |
https://www.exploit-db.com/exploits/442321 | 2024-08-05 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Parallels | Remote Application Server | 15.5 | - | Affected |