← Back

CVE-2017-14087

nvd nist
Published: Oct 6, 2017Modified: May 13, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.

Affected (2)

Trendmicro
1 product
Officescan
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Trendmicro
Officescan
Version 11.0
Officescan
Version 12.0

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (16)

Source: security@trendmicro.com
ExploitThird Party Advisory
Source: security@trendmicro.com
ExploitThird Party AdvisoryVDB Entry
Source: security@trendmicro.com
ExploitMailing ListThird Party Advisory
Source: security@trendmicro.com
Source: security@trendmicro.com
Third Party AdvisoryVDB Entry
Source: security@trendmicro.com
Third Party AdvisoryVDB Entry
Source: security@trendmicro.com
MitigationVendor Advisory
Source: security@trendmicro.com
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.