CVE-2017-12632

Published: Jan 23, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server. The fix to sanitize host headers and compare to a controlled whitelist was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

Affected (1)

Products: Apache: Nifi

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Nifi	Up to 1.4.0

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://nifi.apache.org/security.html#CVE-2017-12632

Source: security@apache.org

Vendor Advisory

https://nifi.apache.org/security.html#CVE-2017-12632

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.