NVD Vulnerability Detail

CVE-2017-14087

Summary	A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.
Publication Date	Oct. 6, 2017, 10:29 a.m.
Registration Date	Jan. 26, 2021, 1:15 p.m.
Last Update	Nov. 21, 2024, 12:12 p.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	http://hyp3rlinx.altervista.org/advisories/CVE-2017-14087-TRENDMICRO-OFFICESCAN-XG-HOST-HEADER-INJECTION.txt	Exploit Third Party Advisory
2	http://hyp3rlinx.altervista.org/advisories/CVE-2017-14087-TRENDMICRO-OFFICESCAN-XG-HOST-HEADER-INJECTION.txt	Exploit Third Party Advisory
3	http://packetstormsecurity.com/files/144404/TrendMicro-OfficeScan-11.0-XG-12.0-Host-Header-Injection.html	Exploit Third Party Advisory VDB Entry
4	http://packetstormsecurity.com/files/144404/TrendMicro-OfficeScan-11.0-XG-12.0-Host-Header-Injection.html	Exploit Third Party Advisory VDB Entry
5	http://seclists.org/fulldisclosure/2017/Sep/86	Exploit Mailing List Third Party Advisory
6	http://seclists.org/fulldisclosure/2017/Sep/86	Exploit Mailing List Third Party Advisory
7	http://www.securityfocus.com/archive/1/541267/100/0/threaded
8	http://www.securityfocus.com/archive/1/541267/100/0/threaded
9	http://www.securityfocus.com/bid/101074	Third Party Advisory VDB Entry
10	http://www.securityfocus.com/bid/101074	Third Party Advisory VDB Entry
11	http://www.securitytracker.com/id/1039500	Third Party Advisory VDB Entry
12	http://www.securitytracker.com/id/1039500	Third Party Advisory VDB Entry
13	https://success.trendmicro.com/solution/1118372	Mitigation Vendor Advisory
14	https://success.trendmicro.com/solution/1118372	Mitigation Vendor Advisory
15	https://www.exploit-db.com/exploits/42895/	Exploit Third Party Advisory VDB Entry
16	https://www.exploit-db.com/exploits/42895/	Exploit Third Party Advisory VDB Entry

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html

JVN Vulnerability Information

Trend Micro OfficeScan における入力確認に関する脆弱性

Title	Trend Micro OfficeScan における入力確認に関する脆弱性
Summary	Trend Micro OfficeScan には、入力確認に関する脆弱性が存在します。
Possible impacts	情報を改ざんされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Sept. 27, 2017, midnight
Registration Date	Oct. 30, 2017, 11:57 a.m.
Last Update	March 4, 2019, 11:27 a.m.

Affected System

トレンドマイクロ

Trend Micro OfficeScan

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-14087	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14087
2	CVE-2017-14087	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14087
National Vulnerability Database (NVD)
3	CVE-2017-14087	https://nvd.nist.gov/vuln/detail/CVE-2017-14087
4	CVE-2017-14087	https://nvd.nist.gov/vuln/detail/CVE-2017-14087

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html
2	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	Name	URL
TrendMicro Solution
1	Solution Id:1118372	https://success.trendmicro.com/solution/1118372
2	Solution Id:1118372	https://success.trendmicro.com/solution/1118372

その他

Change Log

No	Changed Details	Date of change
0	[2017年10月30日] 掲載	Feb. 17, 2018, 10:37 a.m.
1	[2019年03月04日] 参考情報：JVN (JVNVU#91054129) を追加	March 4, 2019, 10:34 a.m.