1. Home
  2. Vulnerabilities
  3. CVE-2018-17192

CVE-2018-17192

CVSS v3.0 6.5 (Medium)
65% Progress
CVSS v2.0 4.3 (Medium)
43% Progress
EPSS 0.26 % (66th)
0.26% Progress
Affected Products 1
Advisories 1
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. Mitigation: The fix to consistently apply the security headers was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

Weaknesses
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE Status
PUBLISHED
CNA
Apache Software Foundation
Published Date
2018-12-19 14:29:00
(5 years ago)
Updated Date
2020-08-24 17:37:01
(4 years ago)

Affected Products

Apache

Configuration #1

    CPE23 From Up To
  Apache Nifi from 1.0.0 version and 1.6.0 and prior versions cpe:2.3:a:apache:nifi >= 1.0.0 <= 1.6.0