CORS Request Vulnerability in Rack-CORS by Cyu
CVE-2017-11173
8.8 HIGH
What is CVE-2017-11173?
rack-cors versions prior to 0.4.1 build the regular expression used to match a request's Origin header without a terminating anchor. Because the generated pattern only has to match a prefix of the origin, a malicious third-party site can make CORS requests the application never intended to allow, gaining access to resources from origins outside the configured allow-list. For instance, if the configuration accepts requests solely from the trusted example.com, unintended origins such as example.com.example.net and example.com-example.net also match the pattern and can read application resources.
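The following Ruby snippet is an added illustration, not rack-cors's own code: it reconstructs how a bare host such as `example.com` might be turned into an origin-matching pattern, with the start-only anchoring described above beside the fully anchored form, and checks both against constructed Origin headers. The function names and the exact pattern shape are assumptions.

```ruby
# Illustrative reconstruction (assumption: not rack-cors's actual code).
# Both helpers turn a configured host into a regex matching "scheme://host".

def vulnerable_origin_pattern(host)
  # Anchored at the start only: any suffix after the host still matches,
  # so "example.com" also accepts "example.com.example.net".
  Regexp.new("\\A[a-z][a-z0-9.+-]*://#{Regexp.escape(host)}")
end

def fixed_origin_pattern(host)
  # Anchored at both ends: the origin must be exactly scheme://host.
  # \A and \z are used rather than ^ and $, which in Ruby match line boundaries.
  Regexp.new("\\A[a-z][a-z0-9.+-]*://#{Regexp.escape(host)}\\z")
end

def origin_allowed?(pattern, origin)
  !!(pattern =~ origin)
end

# Constructed sample Origin headers (not from the advisory's data).
SAMPLE_ORIGINS = [
  "https://example.com",             # the intended origin
  "https://example.com.example.net", # attacker-controlled subdomain lookalike
  "https://example.com-example.net", # attacker-controlled hyphen lookalike
  "https://notexample.com",          # prefix mismatch, rejected by both
  "https://example.com:8443",        # port suffix, rejected only by the fixed form
]

# Returns [origin, allowed_by_vulnerable, allowed_by_fixed] for each sample.
def evaluate(host)
  vuln  = vulnerable_origin_pattern(host)
  fixed = fixed_origin_pattern(host)
  SAMPLE_ORIGINS.map { |o| [o, origin_allowed?(vuln, o), origin_allowed?(fixed, o)] }
end

if __FILE__ == $0
  evaluate("example.com").each do |origin, v, f|
    puts format("%-34s vulnerable=%-5s fixed=%s", origin, v, f)
  end
end
```

Note that the anchored form also rejects a port suffix, so an origin served on a non-default port has to be listed explicitly; the practical mitigation is upgrading to rack-cors 0.4.1 or later.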