1. CVE-Search
  2. CVE-2017-11173
ID CVE-2017-11173
Summary Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed.
References
Vulnerable Configurations
  • cpe:2.3:a:rack-cors_project:rack-cors:0.1.0:*:*:*:*:ruby:*:*
    cpe:2.3:a:rack-cors_project:rack-cors:0.1.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:rack-cors_project:rack-cors:0.1.1:*:*:*:*:ruby:*:*
    cpe:2.3:a:rack-cors_project:rack-cors:0.1.1:*:*:*:*:ruby:*:*
  • cpe:2.3:a:rack-cors_project:rack-cors:0.2.0:*:*:*:*:ruby:*:*
    cpe:2.3:a:rack-cors_project:rack-cors:0.2.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:rack-cors_project:rack-cors:0.2.2:*:*:*:*:ruby:*:*
    cpe:2.3:a:rack-cors_project:rack-cors:0.2.2:*:*:*:*:ruby:*:*
  • cpe:2.3:a:rack-cors_project:rack-cors:0.2.3:*:*:*:*:ruby:*:*
    cpe:2.3:a:rack-cors_project:rack-cors:0.2.3:*:*:*:*:ruby:*:*
  • cpe:2.3:a:rack-cors_project:rack-cors:0.2.4:*:*:*:*:ruby:*:*
    cpe:2.3:a:rack-cors_project:rack-cors:0.2.4:*:*:*:*:ruby:*:*
  • cpe:2.3:a:rack-cors_project:rack-cors:0.2.5:*:*:*:*:ruby:*:*
    cpe:2.3:a:rack-cors_project:rack-cors:0.2.5:*:*:*:*:ruby:*:*
  • cpe:2.3:a:rack-cors_project:rack-cors:0.2.6:*:*:*:*:ruby:*:*
    cpe:2.3:a:rack-cors_project:rack-cors:0.2.6:*:*:*:*:ruby:*:*
  • cpe:2.3:a:rack-cors_project:rack-cors:0.2.7:*:*:*:*:ruby:*:*
    cpe:2.3:a:rack-cors_project:rack-cors:0.2.7:*:*:*:*:ruby:*:*
  • cpe:2.3:a:rack-cors_project:rack-cors:0.2.8:*:*:*:*:ruby:*:*
    cpe:2.3:a:rack-cors_project:rack-cors:0.2.8:*:*:*:*:ruby:*:*
  • cpe:2.3:a:rack-cors_project:rack-cors:0.2.9:*:*:*:*:ruby:*:*
    cpe:2.3:a:rack-cors_project:rack-cors:0.2.9:*:*:*:*:ruby:*:*
  • cpe:2.3:a:rack-cors_project:rack-cors:0.3.0:*:*:*:*:ruby:*:*
    cpe:2.3:a:rack-cors_project:rack-cors:0.3.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:rack-cors_project:rack-cors:0.3.1:*:*:*:*:ruby:*:*
    cpe:2.3:a:rack-cors_project:rack-cors:0.3.1:*:*:*:*:ruby:*:*
  • cpe:2.3:a:rack-cors_project:rack-cors:0.4.0:*:*:*:*:ruby:*:*
    cpe:2.3:a:rack-cors_project:rack-cors:0.4.0:*:*:*:*:ruby:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 03-03-2020 - 19:16)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
debian DSA-3931
misc
Last major update 03-03-2020 - 19:16
Published 13-07-2017 - 03:29
Last modified 03-03-2020 - 19:16
Back to Top