CVE-2017-15220
CRITICALFlexense VX Search - Memory Corruption
Title source: ruleDescription
Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. This allows remote attackers to execute arbitrary code.
Exploits (2)
exploitdb
WORKING POC
by Revnic Vasile · pythonremotewindows
https://www.exploit-db.com/exploits/42973
nomisec
WORKING POC
by vasilerevnic · poc
https://github.com/vasilerevnic/CVE-2017-15220-vxsearch-rce
Scores
CVSS v3
9.8
EPSS
0.1237
EPSS Percentile
93.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (1)
flexense/vx_search
10.1.12
Published
Oct 11, 2017
Tracked Since
Feb 18, 2026