Main Vulnerability Database Vulnerabilities #VU111840

#VU111840 Cross-site request forgery in Mongoose - CVE-2017-11567

Published: September 18, 2017 / Updated: June 23, 2025

Vulnerability identifier: #VU111840

Vulnerability risk: High

CVSSv4.0:

CVE-ID: CVE-2017-11567

CWE-ID: CWE-352

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Mongoose

Software vendor:
Cesanta Software Ltd.

Description

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website, such as be leveraged to execute arbitrary code remotely.

Remediation

Install update from vendor's website.

External links

http://hyp3rlinx.altervista.org/advisories/MONGOOSE-WEB-SERVER-v6.5-CSRF-COMMAND-EXECUTION.txt
http://seclists.org/fulldisclosure/2017/Sep/3
https://www.exploit-db.com/exploits/42614/

#VU111840 Cross-site request forgery in Mongoose - CVE-2017-11567

Description

Remediation

External links

Please verify you're human