cvedb.io
CVE-2017-12784
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2017-08-21T07:29:00.187 · Last modified 2026-06-17T01:03:55.757

Summary

In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An example payload is a malformed request header with many '|' characters. NOTE: some sources use this ID for a NoviWare issue, but the correct ID for that issue is CVE-2017-12787.

Affected products

ccfile — cc_file_transfer

Does this affect you?

Add your gear to cvedb and we'll alert you only when ccfile ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.