
GHSA-72fg-jqhx-c68p

Published: 06 Aug 2018
Source: github
GitHub: Reviewed
CVSS3: 6.1

Description

Open Redirect in st

st is a module for serving static files.

An attacker is able to craft a request that results in an HTTP 301 (redirect) to an entirely different domain.

A request for http://some.server.com//nodesecurity.org/%2e%2e would result in a 301 to //nodesecurity.org/%2e%2e, which most browsers treat as a proper redirect, because a protocol-relative URL (one starting with //) is resolved against the scheme currently in use.

Mitigating factor:

In order for this to work, st must be serving from the root of a server (/) rather than from the typical sub-directory (/static/), and the redirect URL must end with some form of URL-encoded .. ("%2e%2e", "%2e.", ".%2e").

Code example (provided by Xin Gao):

[example.js]

var st = require('st')
var http = require('http')
http.createServer(st(process.cwd())).listen(1337)

$ curl -v http://localhost:1337//cve.mitre.com/%2e%2e
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 1337 (#0)
> GET //cve.mitre.com/%2e%2e HTTP/1.1
> Host: localhost:1337
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< cache-control: public, max-age=600
< last-modified: Fri, 13 Oct 2017 22:56:33 GMT
< etag: "16777220-46488904-1507935393000"
< location: //cve.mitre.com/%2e%2e/
< Date: Fri, 13 Oct 2017 22:56:41 GMT
< Connection: keep-alive
< Content-Length: 30
<
* Connection #0 to host localhost left intact
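The following is an added example, not code from st or from the advisory. It reproduces the Location header shown in the curl transcript with a naive directory redirect, places a hardened variant beside it, and adds two defender-side checks: one on an outgoing Location header and one on an incoming request path. The hardening (collapsing the leading slashes and resolving ".." before building the redirect) is an assumption about one reasonable fix, not st's actual 1.2.2 patch; the sample request path is constructed to match the advisory.

```javascript
// Added example (not st's or the advisory's own code). The hardening shown is
// one possible approach and is an assumption, not st's actual 1.2.2 patch.

// Constructed sample request path, matching the advisory's curl example.
const SAMPLE_REQUEST_PATH = '//cve.mitre.com/%2e%2e';

// "%2e%2e", "%2e.", ".%2e" all decode to "..": normalise the dot encodings
// before making any decision about the path.
function decodeDots(p) {
  return p.replace(/%2e/gi, '.');
}

// Naive directory redirect: append "/" to the request path as received.
// A path that begins with "//" stays protocol-relative, so the browser
// resolves it against the current scheme and follows it to another host.
// This reproduces the Location header in the advisory's transcript.
function naiveRedirectLocation(requestPath) {
  return requestPath + '/';
}

// Resolve "." and ".." segment by segment. Empty segments are dropped, so a
// run of leading slashes ("//host/...") collapses to a single root and the
// result can never be protocol-relative. ".." pops a segment but never
// climbs above "/", so the path stays inside the served root.
function normalizePath(p) {
  const out = [];
  for (const seg of p.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') { out.pop(); continue; }
    out.push(seg);
  }
  return '/' + out.join('/');
}

// Hardened directory redirect: decode dot encodings, normalise, then add the
// trailing slash that a directory redirect needs.
function safeRedirectLocation(requestPath) {
  let normalized = normalizePath(decodeDots(requestPath));
  if (!normalized.endsWith('/')) normalized += '/';
  return normalized;
}

// Defender-side check on an outgoing Location header: true when the value is
// protocol-relative ("//...") or carries a scheme ("https://..."), i.e. when
// the client could be sent to a different origin.
function isOffOriginLocation(location) {
  return /^\/\//.test(location) || /^[a-z][a-z0-9+.\-]*:/i.test(location);
}

// Request-side check for logging or an access rule: a path that starts with
// "//" and contains an (encoded) ".." matches the pattern the advisory
// describes.
function isSuspiciousRequestPath(requestPath) {
  return /^\/\//.test(requestPath) && decodeDots(requestPath).includes('..');
}

console.log('naive    :', naiveRedirectLocation(SAMPLE_REQUEST_PATH));
console.log('hardened :', safeRedirectLocation(SAMPLE_REQUEST_PATH));
console.log('off-origin?', isOffOriginLocation(naiveRedirectLocation(SAMPLE_REQUEST_PATH)));
console.log('suspicious request?', isSuspiciousRequestPath(SAMPLE_REQUEST_PATH));
```

Run with node; the naive variant prints //cve.mitre.com/%2e%2e/ (the header from the transcript) while the hardened variant prints /, since the decoded .. resolves the single segment back to the root. The Location check is the useful one for a reverse proxy or response-logging hook, because it is independent of how any particular static-file module builds its redirects.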

Recommendation

Update to version 1.2.2 or later.

Packages

Name: st (npm)
Affected versions: <= 1.2.1
Fixed version: 1.2.2

EPSS

Percentile: 44%
Score: 0.00215
Low

6.1 Medium

CVSS3

Weaknesses

CWE-601

Related vulnerabilities

CVSS3: 6.1
nvd
more than 7 years ago