Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2017-16570

Published: 06/11/2017 Updated: 31/01/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Keystonejs

Vulnerability Summary

KeystoneJS prior to 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. In other words, it fails to reject requests that lack an x-csrf-token header.

Vulnerable Product Search on Vulmon Subscribe to Product

keystonejs keystone

Exploits

Exploit DB: KeystoneJS < 4.0.0-beta.7 - Cross-Site Request Forgery
# Exploit Title: Application wide CSRF Bypass # Date: Sep, 2017 # Exploit Author: Saurabh Banawar # Vendor Homepage: keystonejscom/ # Software Link: githubcom/keystonejs/keystone # Version: 400 # Tested on: Windows 81 # CVE : 2017-16570 Link: vuldbcom/?id109170 Exploit: &lt;html&gt; &lt;body&gt; &lt;form action= ...

References

CWE-352https://github.com/keystonejs/keystone/pull/4478https://github.com/keystonejs/keystone/issues/4437http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report/https://www.exploit-db.com/exploits/43922/https://nvd.nist.govhttps://www.exploit-db.com/exploits/43922/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereferenceCVE-2023-52689CVE-2024-23803client sideCVE-2023-52696information disclosureCVE-2024-35843CVE-2024-27130CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook