CVE-2017-12784 Information

Description

In Youngzsoft CCFile (aka CC File Transfer) 3.6 by sending a crafted HTTP request it is possible for a malicious user to remotely crash the affected software. No authentication is required. An example payload is a malformed request header with many ‘|’ characters. NOTE: some sources use this ID for a NoviWare issue but the correct ID for that issue is CVE-2017-12787.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://drive.google.com/file/d/0B9DojFnTUSNGcG1WN2Q1eVZMQTg/view

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5