CVE-2017-12965

CRITICAL

Apache2Triad 1.5.4 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-12965. PoCs published by hyp3rlinx.

AI-analyzed exploit summary This exploit demonstrates session fixation, CSRF, and persistent XSS vulnerabilities in Apache2Triad v1.5.4. It includes PoC code for each CVE, showing how an attacker can hijack sessions, execute unauthorized actions, and inject malicious scripts.

Description

Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter.

Exploits (1)

exploitdb WORKING POC

by hyp3rlinx · textwebappsphp

https://www.exploit-db.com/exploits/42520

View Code ZIP pw:eip

This exploit demonstrates session fixation, CSRF, and persistent XSS vulnerabilities in Apache2Triad v1.5.4. It includes PoC code for each CVE, showing how an attacker can hijack sessions, execute unauthorized actions, and inject malicious scripts.

Classification

Working Poc 100%

Attack Type

Xss | Auth Bypass | Other

Complexity

Trivial

Reliability

Reliable

Target: Apache2Triad v1.5.4

No auth needed

Prerequisites: Victim interaction required for session fixation and CSRF · Authenticated user session for XSS persistence

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1078 - Valid Accounts

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/42520/

Exploit, Third Party Advisory x_refsource_misc

http://hyp3rlinx.altervista.org/advisories/APACHE2TRIAD-SERVER-STACK-v1.5.4-MULTIPLE-CVE.txt

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/100447

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/143863/Apache2Triad-1.5.4-CSRF-XSS-Session-Fixation.html

Scores

CVSS v3 9.8

EPSS 0.1567

EPSS Percentile 96.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-384

Status published

Products (1)

apache2triad/apache2triad 1.5.4

Published Aug 23, 2017

Tracked Since Feb 18, 2026