CVE-2018-17194

EPSS 1.22%
Veröffentlicht 19.12.2018 14:29:00
Zuletzt bearbeitet 21.11.2024 03:54:03
Quelle security@apache.org
Teams Watchlist Login
Unerledigt Login

When a client request to a cluster node was replicated to other nodes in the cluster for verification, the Content-Length was forwarded. On a DELETE request, the body was ignored, but if the initial request had a Content-Length value other than 0, the receiving nodes would wait for the body and eventually timeout. Mitigation: The fix to check DELETE requests and overwrite non-zero Content-Length header values was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Nifi Version >= 1.0.0 <= 1.7.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.22%	0.771

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://nifi.apache.org/security.html#CVE-2018-17194

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-17194

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-17194

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-17194

EUVD