CVE-2017-7667

CWE-3465 documents5 sources
Severity
7.5HIGH
EPSS
0.4%
top 39.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache NifiApache Software Foundation Apache Nifi
Timeline
PublishedJun 12
Latest updateMay 17

Description

Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

Mavenorg.apache.nifi:nifi1.0.01.3.0+1
NVDapache/nifi0.7.3+6
CVEListV5apache_software_foundation/apache_nifi0.0.1 to 0.7.3, 1.0.0 to 1.2.0+1

🔴Vulnerability Details

3
OSV
Origin Validation Error in Apache NiFi2022-05-17
GHSA
Origin Validation Error in Apache NiFi2022-05-17
CVEList
CVE-2017-7667: Apache NiFi before 02017-06-12

📋Vendor Advisories

1
Apache
Apache nifi: CVE-2017-7667
CVE-2017-7667 (HIGH CVSS 7.5) | Apache NiFi before 0.7.4 and 1.x be | cvebase.io