Strix
26.1K

CVE-2017-12614

UnknownEPSS 2.00%

Last modified

CVE-2017-12614 is a vulnerability of currently unknown severity. It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. EPSS estimates a 2.00% chance of exploitation in the next 30 days.

Description

It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don't, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to Apache Airflow 1.9.0 or above.

Metrics

EPSS Probability
2.00%

78.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
ApacheAirflow< 1.9.0

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2017-12614?
It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don't, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to Apache Airflow 1.9.0 or above.
How severe is CVE-2017-12614?
Severity scoring for CVE-2017-12614 is pending analysis. The EPSS model estimates a 2.00% probability of exploitation in the next 30 days.
How do I fix CVE-2017-12614?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-12614?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST