Showing 1 - 1 of 1

CVE-2020-16171

Status Candidate

Overview

An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct SSRF attacks against otherwise unreachable Acronis services that are bound to localhost such as the NotificationService on 127.0.0.1:30572.

Related Files

Acronis Cyber Backup 12.5 Build 16341 Server-Side Request Forgery: Posted Sep 16, 2020; Authored by Julien Ahrens | Site rcesecurity.com; Acronis Cyber Backup version 12.5 Build 16341 suffers from a server-side request forgery vulnerability.; tags | exploit; advisories | CVE-2020-16171; SHA-256 | 5776367a895d7236549ae9bed6615f059a8c84f1ee0883489602ba985f741b60; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 231 files
indoushka 108 files
Ubuntu 86 files
Gentoo 36 files
Jasper Nota 25 files
Debian 19 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Martijn Baalman 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,100)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,789)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,546)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,754)
UNIX (9,437)
UnixWare (187)
Windows (6,674)
Other

CVE-2020-16171

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems