CVE-2017-12632

Опубликовано: 23 янв. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server. The fix to sanitize host headers and compare to a controlled whitelist was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

Ссылки

https://nifi.apache.org/security.html#CVE-2017-12632
Vendor Advisory
https://nifi.apache.org/security.html#CVE-2017-12632
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*

Версия до 1.4.0 (включая)

EPSS

Процентиль: 61%

0.00414

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-w4x6-j349-9r57