CVE-2017-15412

HIGH

Red Hat Enterprise Linux Desktop < 63.0.3239.84 - Use After Free

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-15412. PoCs published by vaishakhcv, winterwolf32.

AI-analyzed exploit summary: The repository contains a Perl script designed to exploit CVE-2017-15412, which appears to be an XXE (XML External Entity) vulnerability. The script sends a crafted XML payload to a target URL and checks for vulnerability by validating the response.

Description

Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Exploits (2)

github · WORKING POC · 1 star
by vaishakhcv · perl · poc
https://github.com/vaishakhcv/CVE-exploits/tree/master/CVE-2017-15412

The repository contains a Perl script designed to exploit CVE-2017-15412, which appears to be an XXE (XML External Entity) vulnerability. The script sends a crafted XML payload to a target URL and checks for vulnerability by validating the response.

Classification: Working PoC (90%)
Attack Type: XXE
Complexity: Moderate
Reliability: Reliable
Target: Unknown (CVE-2017-15412 details are reserved)
No auth needed
Prerequisites: Target URL · Path to XML handler · XML payload file
devstral-2 · analyzed Feb 27, 2026

github · WORKING POC
by winterwolf32 · perl · poc
https://github.com/winterwolf32/CVE_Exploits-/tree/master/CVE-2017-15412

The repository contains a Perl script designed to exploit CVE-2017-15412, which targets a vulnerability in ModSecurity. The script sends a crafted XML payload to a specified URL and path, attempting to trigger the vulnerability. The code includes detailed command-line argument handling and response validation.

Classification: Working PoC (90%)
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: ModSecurity
No auth needed
Prerequisites: target URL · path to XML handler · XML payload file
devstral-2 · analyzed Feb 27, 2026

References (9)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1040348
Issue Tracking x_refsource_misc
https://crbug.com/727039
Issue Tracking x_refsource_misc
https://bugzilla.gnome.org/show_bug.cgi?id=783160
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2018/dsa-4086
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:0287
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:3401
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201801-03

Scores

CVSS v3 8.8
EPSS 0.0296
EPSS Percentile 85.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-416
Status: published
Products (9)
debian/debian_linux 7.0
debian/debian_linux 8.0
debian/debian_linux 9.0
google/chrome < 63.0.3239.84
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_server 6.0
redhat/enterprise_linux_workstation 6.0
rubygems/nokogiri 0 - 1.8.2 (RubyGems)
xmlsoft/libxml2 < 2.9.5
Published Aug 28, 2018
Tracked Since Feb 18, 2026