Clickjacking Affecting org.apache.nifi:nifi-jetty package, versions [,1.8.0)

Attack Complexity

High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

snyk-id

SNYK-JAVA-ORGAPACHENIFI-72711
published

20 Dec 2018
disclosed

19 Dec 2018
credit

Suchithra V N

Report a new vulnerability Found a mistake?

Introduced: 19 Dec 2018

CVE-2018-17192 Open this link in a new tab CWE-451 Open this link in a new tab

How to fix?

Upgrade org.apache.nifi:nifi-jetty to version 1.8.0 or higher.

Overview

Affected versions of this package are vulnerable to Clickjacking. The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would interpret these results incorrectly, allowing clickjacking attacks.

References

Apache Nifi Security Advisory
GitHub Commit
Nifi Jira Issue

Clickjacking Affecting org.apache.nifi:nifi-jetty package, versions [,1.8.0)

Attack Complexity

snyk-id

published

disclosed

credit

Introduced: 19 Dec 2018

How to fix?

Overview

References