7.5

CVE-2017-14087

Exploit
A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TrendmicroOfficescan Version11.0
TrendmicroOfficescan Version12.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.33% 0.942
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securitytracker.com/id/1039500
Third Party Advisory
VDB Entry
https://success.trendmicro.com/solution/1118372
Vendor Advisory
Mitigation
http://hyp3rlinx.altervista.org/advisories/CVE-2017-14087-TRENDMICRO-OFFICESCAN-XG-HOST-HEADER-INJECTION.txt
Third Party Advisory
Exploit
http://packetstormsecurity.com/files/144404/TrendMicro-OfficeScan-11.0-XG-12.0-Host-Header-Injection.html
Third Party Advisory
Exploit
VDB Entry
http://seclists.org/fulldisclosure/2017/Sep/86
Third Party Advisory
Exploit
Mailing List
http://www.securityfocus.com/archive/1/541267/100/0/threaded
http://www.securityfocus.com/bid/101074
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/42895/
Third Party Advisory
Exploit
VDB Entry