CVE-2017-15717 - OpenCVE

A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API 1.0.4 to 1.0.18, Apache Sling XSS Protection API Compat 1.1.0 and Apache Sling XSS Protection API 2.0.0.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Sling Xss Protection Api Sling Xss Protection Api Compat

Configuration 1 [-]

OR	cpe:2.3:a:apache:sling_xss_protection_api::::::::
	cpe:2.3:a:apache:sling_xss_protection_api:2.0.0:::::::*
	cpe:2.3:a:apache:sling_xss_protection_api_compat:1.1.0:::::::*

No data.

References

Link	Providers
https://s.apache.org/CVE-2017-15717

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2018-01-10T14:00:00Z

Updated: 2024-09-17T01:06:14.724Z

Reserved: 2017-10-21T00:00:00

Link: CVE-2017-15717

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-01-10T14:29:00.263

Modified: 2018-02-02T18:43:15.767

Link: CVE-2017-15717

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Apache Sling", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "XSS Protection API 1.0.4 to 1.0.18"}, {"status": "affected", "version": "XSS Protection API Compat 1.1.0"}, {"status": "affected", "version": "XSS Protection API 2.0.0"}]}], "datePublic": "2018-01-10T00:00:00", "descriptions": [{"lang": "en", "value": "A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API 1.0.4 to 1.0.18, Apache Sling XSS Protection API Compat 1.1.0 and Apache Sling XSS Protection API 2.0.0."}], "problemTypes": [{"descriptions": [{"description": "Insufficient XSS protection", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-10T13:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"name": "[users] 20180110 CVE-2017-15717: Insufficient XSS protection for HREF attributes in Apache Sling XSS Protection API", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://s.apache.org/CVE-2017-15717"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2018-01-10T00:00:00", "ID": "CVE-2017-15717", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Sling", "version": {"version_data": [{"version_value": "XSS Protection API 1.0.4 to 1.0.18"}, {"version_value": "XSS Protection API Compat 1.1.0"}, {"version_value": "XSS Protection API 2.0.0"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API 1.0.4 to 1.0.18, Apache Sling XSS Protection API Compat 1.1.0 and Apache Sling XSS Protection API 2.0.0."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insufficient XSS protection"}]}]}, "references": {"reference_data": [{"name": "[users] 20180110 CVE-2017-15717: Insufficient XSS protection for HREF attributes in Apache Sling XSS Protection API", "refsource": "MLIST", "url": "https://s.apache.org/CVE-2017-15717"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:04:49.291Z"}, "title": "CVE Program Container", "references": [{"name": "[users] 20180110 CVE-2017-15717: Insufficient XSS protection for HREF attributes in Apache Sling XSS Protection API", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://s.apache.org/CVE-2017-15717"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-15717", "datePublished": "2018-01-10T14:00:00Z", "dateReserved": "2017-10-21T00:00:00", "dateUpdated": "2024-09-17T01:06:14.724Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:sling_xss_protection_api:*:*:*:*:*:*:*:*", "matchCriteriaId": "956A4CBC-C078-44B0-8280-28E1B7F65D5A", "versionEndIncluding": "1.0.18", "versionStartExcluding": "1.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:sling_xss_protection_api:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8CE953DD-F41F-489C-AA69-038EE9A64338", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:sling_xss_protection_api_compat:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "42CF40B5-0046-4F0B-B4CE-74FDEF2D947A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API 1.0.4 to 1.0.18, Apache Sling XSS Protection API Compat 1.1.0 and Apache Sling XSS Protection API 2.0.0."}, {"lang": "es", "value": "Un defecto en la manera en la que se escapan y codifican las URL en org.apache.sling.xss.impl.XSSAPIImpl#getValidHref y org.apache.sling.xss.impl.XSSFilterImpl#isValidHref permite que se pasen URL especialmente manipuladas como v\u00e1lidas, aunque porten cargas \u00fatiles XSS. Las versiones afectadas son Apache Sling XSS Protection API 1.0.4 to 1.0.18, Apache Sling XSS Protection API Compat 1.1.0 y Apache Sling XSS Protection API 2.0.0."}], "id": "CVE-2017-15717", "lastModified": "2018-02-02T18:43:15.767", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-01-10T14:29:00.263", "references": [{"source": "security@apache.org", "tags": ["Vendor Advisory"], "url": "https://s.apache.org/CVE-2017-15717"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}