CVE-2017-16041: ikst Downloads Resources over HTTP

CVSS Score: 4.3

Basic Information

EPSS Score: 0.32812%
Published: 7/24/2018
Updated: 9/5/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Package Name: ikst
Ecosystem: npm
Vulnerable Versions: < 1.1.2
First Patched Version: 1.1.2

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from insecure HTTP downloads. In Node.js, HTTP requests are typically made via http.get. While the exact ikst function wrapping this call isn't visible in the provided data, the core http.get method would appear in stack traces when the vulnerable download operation is executed. The medium confidence reflects the lack of direct code examples, but aligns with the vulnerability's nature and common implementation patterns.
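
The analysis above notes that http.get would appear in the stack of the insecure download. As an added example (not ikst's code and not part of the original analysis), this Node.js guard wraps `http.get` and `http.request`, records the calling stack of each cleartext request, and refuses it; `fetchAsset` and the `example.invalid` URL are constructed stand-ins for a dependency's download helper.

```javascript
// Added example, not ikst code: surface plaintext HTTP requests made by dependencies.
const http = require('node:http');

const findings = []; // one record per cleartext request observed

// Normalise the (string | URL | options) first argument accepted by http.get/http.request.
function describeTarget(arg) {
  const u = typeof arg === 'string' || arg instanceof URL ? new URL(arg) : null;
  const host = u ? u.hostname : arg.hostname || arg.host || 'localhost';
  const path = u ? u.pathname + u.search : arg.path || '/';
  return { host, url: `http://${host}${path}` };
}

// Wrap http.get and http.request. Each cleartext request to a host outside
// `allow` is recorded with the caller's stack frames; with block=true it is
// refused before anything is sent. Returns a function that restores the originals.
function installPlaintextGuard({ block = true, allow = ['localhost', '127.0.0.1'] } = {}) {
  const original = { get: http.get, request: http.request };
  for (const name of Object.keys(original)) {
    http[name] = function guarded(first, ...rest) {
      const { host, url } = describeTarget(first);
      if (!allow.includes(host)) {
        // Frame 0 is "Error", frame 1 is this wrapper; the caller starts at 2.
        const stack = new Error().stack.split('\n').slice(2, 6).map((l) => l.trim());
        findings.push({ api: `http.${name}`, url, stack });
        if (block) throw new Error(`plaintext HTTP refused: ${url}`);
      }
      return original[name].call(http, first, ...rest);
    };
  }
  return () => Object.assign(http, original);
}

// Constructed stand-in for a dependency's download helper (hypothetical name and URL).
function fetchAsset() {
  return http.get('http://assets.example.invalid/tool.tgz');
}

// Run the stand-in under the guard and return what was recorded.
function demo() {
  const restore = installPlaintextGuard();
  try { fetchAsset(); } catch (err) { /* refused by the guard */ }
  restore();
  return findings;
}
```

To audit a real install or test run, call `installPlaintextGuard({ block: false })` from a module preloaded with `node --require` and review `findings` afterwards.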


WAF Protection Rules

WAF Rule

Affected versions of `ikst` insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this
