CVE-2017-8794

Name of the Vulnerable Software and Affected Versions Accellion FTA versions prior to FTA 9 12 180

Description An issue was discovered that allows SSRF attacks. The problem arises from a regular expression, intended to match local https URLs, lacking an initial ^ character. This affects the courier/web/1000@/wmProgressval.html endpoint, allowing attacks with a file:///etc/passwd#https:// URL pattern.

Recommendations For versions prior to FTA 9 12 180, update to version FTA 9 12 180 or later to resolve the issue. As a temporary workaround, consider restricting access to the courier/web/1000@/wmProgressval.html endpoint to minimize the risk of exploitation.