Skip to main content

Nifi CVE-2017-7667

HIGH
Origin Validation Error (CWE-346)
2017-06-12 security@apache.org
7.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 12, 2017 - 16:29 cve.org
HIGH 7.5

DescriptionCVE.org

Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin.

AnalysisAI

Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-346. Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin. Affected products include: Apache Nifi. Version information: before 0.7.4.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Nifi

View all
CVE-2023-34468 HIGH POC
8.8 Jun 12

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authe

CVE-2017-5636 CRITICAL
9.8 Oct 19

In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deserialization

CVE-2018-1309 CRITICAL
9.8 May 23

Apache NiFi External XML Entity issue in SplitXML processor. Rated critical severity (CVSS 9.8), this vulnerability is r

CVE-2023-36542 HIGH
8.8 Jul 29

Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retriev

CVE-2022-33140 HIGH
8.8 Jun 15

The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not ne

CVE-2019-12421 HIGH
8.8 Nov 19

When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiF

CVE-2021-20190 HIGH
8.1 Jan 19

A flaw was found in jackson-databind before 2.9.10.7. Rated high severity (CVSS 8.1), this vulnerability is remotely exp

CVE-2017-5635 HIGH
7.5 Oct 19

In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user request is replicated to

CVE-2026-44914 HIGH
7.5 Jun 20

Authorization bypass in Apache NiFi 1.12.0 through 2.9.0 allows authenticated users with general write access to add Res

CVE-2023-22832 HIGH
7.5 Feb 10

The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references

CVE-2022-29265 HIGH
7.5 Apr 30

Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configu

CVE-2020-9491 HIGH
7.5 Oct 01

In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as listening connectio

Share

CVE-2017-7667 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy