{"vulnerability": "cve-2017-1756", "sightings": [{"uuid": "72c6de74-6d4a-460f-833b-d3f2c27fea6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-17562", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:03.000000Z"}, {"uuid": "ab88274e-24db-4c4a-bd98-4e977dbb5056", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-17560", "type": "exploited", "source": "https://www.exploit-db.com/exploits/43356", "content": "", "creation_timestamp": "2017-12-18T00:00:00.000000Z"}, {"uuid": "aadc69d0-04ef-47b2-b9b0-e1cb874c53f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-17562", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:15.000000Z"}, {"uuid": "19be07ed-6106-46c6-b32d-1c1dd779d804", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-17562", "type": "seen", "source": "https://t.me/arpsyndicate/1508", "content": "#ExploitObserverAlert\n\nCVE-2017-17562\n\nDESCRIPTION: Exploit Observer has 35 entries related to CVE-2017-17562. Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0.\n\nFIRST-EPSS: 0.974550000\nNVD-IS: 5.9\nNVD-ES: 2.2", "creation_timestamp": "2023-12-06T16:15:52.000000Z"}, {"uuid": "7eac7a83-58f5-4814-ad5b-9cd53e718856", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-17562", "type": "published-proof-of-concept", "source": "Telegram/Ix8Ci14izz05HyZ9-T912SKnHD_9ayhUN9iUAZi71W9LkA", "content": "", "creation_timestamp": "2021-11-16T02:23:12.000000Z"}, {"uuid": "af6c681d-b0bf-4c56-bf1e-793062d4c559", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-17562", "type": "exploited", "source": "https://www.exploit-db.com/exploits/43360", "content": "", "creation_timestamp": "2017-12-18T00:00:00.000000Z"}, {"uuid": "5e5019b4-e3ab-4605-8164-0df11e60af86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-17562", "type": "exploited", "source": "https://www.exploit-db.com/exploits/43877", "content": "", "creation_timestamp": "2018-01-24T00:00:00.000000Z"}, {"uuid": "d3825e89-7392-4f92-9e50-a396e2b430dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-17560", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:43.000000Z"}, {"uuid": "dd73b4cd-144d-4572-9abb-2d269fd937b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-17562", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:43.000000Z"}, {"uuid": "e586dee4-48f1-4a44-9898-cea795e12df6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-17560", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:09:55.000000Z"}, {"uuid": "1bc5681d-0c9d-44b4-ab56-043000d0065d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-17562", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:09:55.000000Z"}, {"uuid": "bf6b84a1-01a6-4776-b763-f4c621c8046b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-17562", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-12)", "content": "", "creation_timestamp": "2025-03-12T00:00:00.000000Z"}, {"uuid": "dbc38986-a331-41dd-ad2b-b29ed5165282", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-17562", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/goahead_ldpreload.rb", "content": "", "creation_timestamp": "2018-05-29T15:50:33.000000Z"}, {"uuid": "2f6c1aa1-e769-4a80-ba65-820035d6695d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-17562", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/853a8547-0e7e-43ce-a628-bd2c34a3cb2e", "content": "", "creation_timestamp": "2026-02-02T12:28:31.411049Z"}, {"uuid": "146fd6dc-1f9f-457a-9e66-0de7e2ed54fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-17562", "type": "published-proof-of-concept", "source": "https://t.me/antichat/456", "content": "GoAhead web server < 3.6.5 remote code execution via LD_PRELOAD\n\nAdvisory:\nhttps://www.elttam.com.au/blog/goahead/ \n\nExploit:\nhttps://github.com/elttam/advisories/tree/master/CVE-2017-17562", "creation_timestamp": "2017-12-18T23:10:28.000000Z"}, {"uuid": "d202dd3b-32e9-484b-b0a9-3bb26870b61b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-17562", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971187", "content": "", "creation_timestamp": "2024-12-24T20:25:34.382051Z"}, {"uuid": "181e68ce-5837-415e-b224-cd2e0f2e558e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-17562", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:01:03.000000Z"}, {"uuid": "0ed10113-d434-4872-a64e-98b6130b7290", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-17560", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/wd_mycloud_multiupload_upload.rb", "content": "", "creation_timestamp": "2018-05-29T15:50:33.000000Z"}, {"uuid": "190c255c-8d03-4c3f-9f41-c8ad6ebc2f26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-17562", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/853a8547-0e7e-43ce-a628-bd2c34a3cb2e", "content": "", "creation_timestamp": "2026-02-02T12:28:31.411049Z"}]}