CVE-2017-9506

EPSS 28.98% · P97 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2017-9506

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Atlassian OAuth Plugin 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Atlassian OAuth Plugin是澳大利亚Atlassian公司的一款用于访问个人Atlassian软件数据的授权插件。 Atlassian OAuth Plugin中的IconUriServlet存在安全漏洞。远程攻击者可利用该漏洞访问内部网络资源或执行跨站脚本攻击。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Atlassian	Atlassian OAuth Plugin	From version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4.	-

II. Public POCs for CVE-2017-9506

#	POC Description	Source Link	Shenlong Link
1	CVE-2017-9506 - SSRF	https://github.com/random-robbie/Jira-Scan	POC Details
2	CVE-2017-9506	https://github.com/pwn1sher/jira-ssrf	POC Details
3	Atlassian Jira XSS attack via Server Side Request Forgery (SSRF).	https://github.com/labsbots/CVE-2017-9506	POC Details
4	The Atlassian Jira IconUriServlet of the OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 contains a cross-site scripting vulnerability which allows remote attackers to access the content of internal network resources and/or perform an attack via Server Side Request Forgery.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2017/CVE-2017-9506.yaml	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2017-9506

请登录查看更多情报信息。

https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3x_refsource_MISC
https://twitter.com/Zer0Security/status/983529439433777152x_refsource_MISC
https://twitter.com/ankit_anubhav/status/973566620676382721x_refsource_MISC
http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.htmlx_refsource_MISC
https://ecosystem.atlassian.net/browse/OAUTH-344x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2017-9506

IV. Related Vulnerabilities

Same vendor: Atlassian

V. Comments for CVE-2017-9506

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2017-9506

I. Basic Information for CVE-2017-9506

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2017-9506

III. Intelligence Information for CVE-2017-9506

IV. Related Vulnerabilities

V. Comments for CVE-2017-9506

Leave a comment