Security Advisory

CVE-2017-8794

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-05-05 18:00:00

Last updated 2024-08-05 16:48:21

Assigner mitre

State PUBLISHED

Description

An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.html allows SSRF attacks with a file:///etc/passwd#https:// URL pattern.

← Browse all CVEs View on cve.org ↗