CVE-2017-2100

MEDIUM

AppGoat <V3.0.1 - SSRF

Title source: llm

Description

Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.1 and earlier allows remote attackers to conduct DNS rebinding attacks via unspecified vectors.

References (2)

[Third Party Advisory, VDB Entry] http://jvn.jp/en/jp/JVN87662835/index.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/96229

Scores

CVSS v3 6.3

EPSS 0.0034

EPSS Percentile 55.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Classification

CWE

CWE-20

Status published

Affected Products (2)

ipa/appgoat < 3.0.1

INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)/Hands-on Vulnerability Learning Tool "AppGoat" for Web Application < V3.0.1 and earlier

Timeline

Published Apr 28, 2017

Tracked Since Feb 18, 2026