CVE-2018-17192
 
- Public Exploits: 0
- Exploited in Wild: -
Descriptions
The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. Mitigation: The fix to consistently apply the security headers was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release.
Timeline
- 2018-09-19 CVE Reserved
- 2018-12-19 CVE Published
- 2024-08-05 CVE Updated
- 2024-10-28 EPSS Updated
CWE
- CWE-1021: Improper Restriction of Rendered UI Layers or Frames
References (1)
URL | Date | SRC |
---|---|---|
https://nifi.apache.org/security.html#CVE-2018-17192 | 2020-08-24 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Apache | Nifi | >= 1.0.0 <= 1.6.0 | - | Affected |